When new user is created inside AD, I am getting the below event inside driver log.
<nds dtdversion="2.2">
<source>
<product build="20170106_120000" instance="\IDM45\system\driverset1\Active Directory Driver" version="4.0.2.1">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="user" event-id="Active Directory Driver##163391e0760##0" src-dn="CN=Test User14,CN=Users,CN=IDM,DC=DEMO,DC=local">
<association>f5fa402516649341913785835fb54d63</association>
<add-attr attr-name="accountExpires">
<value naming="false" type="string">9223372036854775807</value>
</add-attr>
<add-attr attr-name="dirxml-uACAccountDisable">
<value type="state">false</value>
</add-attr>
<add-attr attr-name="displayName">
<value naming="false" type="string">Test User14</value>
</add-attr>
<add-attr attr-name="givenName">
<value naming="false" type="string">Test</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value naming="false" type="string">tuser14</value>
</add-attr>
<add-attr attr-name="sn">
<value naming="false" type="string">User14</value>
</add-attr>
<add-attr attr-name="userPrincipalName">
<value naming="false" type="string">tuser14@DEMO.local</value>
</add-attr>
</add>
</input>
</nds>
I can able to do veto when new User has not the group membership (idmgrp) inside AD. But when I was adding the group (idmgrp) inside that User (Test User14), this user is not sync from AD to eDir.
When I was adding group (idmgrp) in user (Test User14) inside AD, the below event is getting inside driver log.
<nds dtdversion="2.2">
<source>
<product build="20170106_120000" instance="\IDM45\system\driverset1\Active Directory Driver1" version="4.0.2.1">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="group" event-id="0" src-dn="CN=idmgrp,CN=Groups,CN=IDM,DC=DEMO,DC=local">
<association>f99bd9ed9d737e4dbe251c6b274aed23</association>
<modify-attr attr-name="member">
<remove-all-values/>
<add-value>
<value association-ref="3b6bb6db730c5a4db1f7df0a578caad4" naming="false" type="dn">CN=Test User14,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
<value association-ref="59ba771329a534488a60ce86ff19374c" naming="false" type="dn">CN=Test User10,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
<value association-ref="392d4c4ef046d84f8a993db5164f6e2b" naming="false" type="dn">CN=Test User07,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
<value association-ref="c037b315aaace14a86035161047d4cb8" naming="false" type="dn">CN=tmp1,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
When I was removing the group (idmgrp) from user (Test User14) inside AD, the below event is getting inside driver log.
<nds dtdversion="2.2">
<source>
<product build="20170106_120000" instance="\IDM45\system\driverset1\Active Directory Driver1" version="4.0.2.1">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify class-name="group" event-id="0" src-dn="CN=idmgrp,CN=Groups,CN=IDM,DC=DEMO,DC=local">
<association>f99bd9ed9d737e4dbe251c6b274aed23</association>
<modify-attr attr-name="member">
<remove-all-values/>
<add-value>
<value association-ref="59ba771329a534488a60ce86ff19374c" naming="false" type="dn">CN=Test User10,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
<value association-ref="392d4c4ef046d84f8a993db5164f6e2b" naming="false" type="dn">CN=Test User07,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
<value association-ref="c037b315aaace14a86035161047d4cb8" naming="false" type="dn">CN=tmp1,CN=Users,CN=IDM,DC=DEMO,DC=local</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
