Regarding nested group synchronization eDir->AD

At the time of writing, AD is able to handle nested group hierarchies, so
for example can put groups of the same type (global groups for example)
into other groups of the same type.

We would very much like to represent the nested hierarchy we already have
in place in edirectory, in active directory (read we would like to sync
the nested hierarchy from eDir to AD).
The IdM system is authoritative for this information (since everything is
neat, secure, compliant and automated in that system).

In eDirectory a nested groups attributes are:
"Group Membership" for parent relation
"groupMember" for child relations.
It does seen that the "Group Membership" attribute contains all the groups
parents as well.
It does seem that the "groupMember" attribute contains all the nested
children as well.
In our situation, we also have a "StructuralParent" attribute, which
points to which ONE parent a nested Group has.
This was because we never found a way of figuring out how we could tell
which group(s) were immediate parents or children.

In active directory nested group attributes are:
member for groups and users that are members of this group
memberOf for groups that this group is member of (this attribute is not

Questions.... og questions....

First of all:
How do we find out which groups are immediate children and/or parents of
each other?

Since AD use the same attribute for both users group memberships and
groups group memberships, does anyone have an idea how to solve the issue,
that we will be syncing groups memberships and users memberships to the
same AD attribute (in edir they are separate attributes)?

The only thing I can really come up with, is a separate driver, which will
maintain the group relations.