I am trying to do something I thought was easy but the solution seems to
elude me. The scenario I have is as follows:
- A user is created in an Active Directory and a password is set
--> This generates two events in AD, both of which are vetoed (this
works fine)
- The user is added to a special group
--> The change in group membership triggers a sync of the user object
in AD (this does NOT work)
- The user object is processed by two drivers that handle placement and
object naming (they work fine)
- Finally, the user object is copied to another Active Directory (this
also works fine)

Everything seems to work fine, up to the point where the change in group
membership should trigger a sync of the user. I have tried several
different approaches:
- Setting a value in the Facsimile Telephone Number (Source attribute)
--> No value is set, even though the filters should permit it
- I tried to force the sync as described by nbligh in the following
--> I only tried the first method, as that was the only one I could
figure out how to adapt to my needs (XPath is not my specialty)
- I have also tried Geoffrey Carman's approach, which is very similar to
what I need:
--> No sync is performed (but maybe I didn't manage to set the values

I have created a trace file (http://pastebin.com/jzaTaNQa) that shows a
change in the group membership. Based on that, can someone tell me why I
am unable to sync the user object?

IDM version: Standard edition (Engine + RL)
AD driver version:


Yes, I am aware of the -604 error - it will be dealt with once this
problem is fixed :-)

rstorstrom's Profile: https://forums.netiq.com/member.php?userid=481