I am a 'beginner' to IDM and have been doing quite a bit of reading, but
have several questions I would like clarification on. My end goal is to
sync several different user OUs in edir to the same OUs in AD.

Best practice suggests using the edir-edir driver to sync my current
tree to the ID vault and then sync that with AD. In my test
environment, I am currently just working with edir-edir before bringing
AD into the mix. Taking all the defaults, everyone ends up in a users
location on the tree in the ID vault. I did flat placement. Maybe this
isn't the right terminology, but how will I map these users to the right
OU going forward to AD? Should I be using mirrored instead?

What can be done to restrict what gets pulled into the ID vault - rights
on a certain user during the configuration? I set it at the top of the
tree and it is pulling everyone I create in my edir tree into the vault.
If I set it to a specific OU, only users in that OU get brought over,
but in the end I have 4 OUs at the same level that I want to bring
over. Will the default driver work for this or will the policies need
to be modified?

