I was able to figure out my associations issue that I posted a couple
weeks ago. Everyone in our context has an established association now.
However, I noticed a new problem. Apparently, Identity Manager group
memberships are "atomic", meaning that if one change fails, they all
fail. This is a problem because I need to add users outside of our
context to a group within our context. This means that if, say I am
adding 20-30 users (not too unusual), and one of them happens to be
outside of our context (will have no associated AD account), none of
them will be added on the AD side. Again, not a big problem, as we just
don`t select that user for the add operation along with the other users.
However, if that user is ever removed from the group on the eDirectory
side, the entire group membership is cleared on the AD side, since
apparently Identity Manager clears the entire group before doing
Is there a way to change this functionality so that Identity Manager
doesn`t clear the entire group?

We are running IDM version with the AD driver, which sync`s a
single eDirectory OU to an Active Directory domain OU.

Hawk312's Profile: https://forums.netiq.com/member.php?userid=874
View this thread: https://forums.netiq.com/showthread.php?t=51288