I have an eDir to eDir driver connecting my Vault edir and my Tree edir
instances. Changes made to my student accounts, passing from the vault
to the tree, are adding group memberships to the accounts in the tree.
This leaves my groups and members in the tree correct and like I want
them, but then those group memberships do not get synce'd/updated back
in the vault. Hanging off of my vault is my AD driver to my exchange
environment in which I sync those group memberships as well which they
are used for email distribution groups.

So what I am left with is when accounts get updated in the vault, the
member is added to the group in the Tree as it syncs to the Tree, but
those group memberships are not synced back to the vault and obviously
not to exchange as well.......I am guessing that the edir driver in the
Tree is not going to send group membership changes out the publisher
channel that it received on the subscriber channel......I guess it would
see that as a loop if it were to actually do so.

How would one suggest handling this. Our IDM infrastructure is setup so
that the Vault handles users and the Tree handles groups...so just
adding the users directly to a/the group in the vault is not a solution
I can put in place. Thank you in advance for your suggestions.

wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54074