While the delegated directories are a nice attempt to solve problems with membership of LDAP/AD users into Crowd controlled groups, it falls short since it is a one time load or manual load. This introduces more administrative overhead for managing users - something Crowd was suppose to help. So now I have LDAP/AD users and groups and a copy in the delegated directory, so I need a automated way to keep these in sync. The fact that Crowd will automatically add a user to the delegated directory if they successfully validate to LDAP/AD doesn't help because they are missing their group membership which is critical for proper authorities. So either make the delegated directory smart enough to keep in sync or provide a remote API (SOAP) to allow the sync operation to be automated. The API should allow for a sync update to complete without application interruption. Must support option to allow deleted users to remain in delegated directory as disabled users.