I'm having some trouble trying to move users to another OU using the
bi-directional eDir driver and was hoping someone had some suggestions.

My Environment
IDM 4.0.2
eDIR 8.8.7 Patch 5

Just to test/play around I've created a command policy in the subscriber
channel that will attempt to move a user if their department changes.
I've tried using the DN the destination OU but I keep getting a (-9010)
error. According to 'TID 7011785'
(https://www.novell.com/support/kb/doc.php?id=7011785) I should be using
the association for the destination OU.

This is where I'm starting to get a little confused. Our IDVault is a
flat structure with all the users in a single container. The eDir tree
that we're syncing to has a more complex structure with multiple OUs.
Right now we only sync users, not groups or OUs.

What should I be using for the association value for the destination DN?
Should it just be the GUID of the OU in the destination eDir tree?

pkoochin's Profile: https://forums.netiq.com/member.php?userid=169
View this thread: https://forums.netiq.com/showthread.php?t=51272