I am extremely new to IDM and have taken over support of an existing system (4.0.2) from a couple people that are no longer with my company. As such, I'm having to learn everything the hard way.

I have a request that seems super simple, but I have had no luck finding a solution, so I'm hoping someone here can help! A group of developers here have their own Active Directory server that subscribes to the vault, but does not publish anything. They made a request that they want all of the users to be placed into a specific group in their Active Directory. I have tried creating a new Command Transformation policy on the subscriber channel of that driver that sets the destination attribute "Member" on the "Group" class to the user, and sets the destination attribute "Group Membership" on the "User" class to the appropriate group. I also turned on the Reciprocal Attribute Mapping for that driver, but I'm not sure if I have that part set up properly... I read the AD Driver documentation, but didn't find that very useful for this problem.

I'm at a lost for where to go from here. Can anyone help point me in the right direction?