We use IDV (eDirectory) to store user identities with a single identity
for each user. A user may have multiple accounts in AD, i.e. standard
and privileged accounts. In addition, a user may be the admin of an
application with several system and service accounts. All these accounts
must be linked to/associated with the user's identity in the IDV.
Alternatively, we could create an eDirectory Group per application with
nested groups for different accounts (if there are different admins per
application) and associate the System and Service accounts to the nested
Groups. Owners will be added to the relevant Group so that all accounts
have an owner. When the owner of a System or Service account departs
then this should prevent the associated System and Service accounts from
being disabled and we can then add a new owner to that particular
This scenario would also apply to application accounts where a user can
have multiple accounts in one application.
Is this possible? How can it be done?

newlunga's Profile: https://forums.netiq.com/member.php?userid=11761
View this thread: https://forums.netiq.com/showthread.php?t=55710