Hi all: My eDir-to-AD setup is finally working OK. But - when I create a new user in eDir I see a veto in the driver trace:

Message: Code(-8015) Operation vetoed my filter.

So I checked the log in the IDM Vault and I see this:

<status level="warning">Code(-8017) Operation vetoed by object creation policy.<application>DirXML</application>
<module>Active Directory Driver</module>

OK, so it looks like the create policy is vetoing "something", but what that "something" is is still a mystery to me. The creation policy has two vetoes: 1. Veto if not a user; or 2. Veto is nspmDistrbutionPassword is not available. Since the object is a user I will assume it is NOT #1 which leaves #2. nspmDistrbutionPassword appears related to NMAS, but that is as much as I know currently.

IDM is now working and I am not THAT concerned at the moment, but I would like to clear up this error. Any suggestions? Thanks.