Oracle BPM 10g FDI (Fuego Directory Interface) Hybrid configuration enables authentication and authorization to be delegated to Microsoft Active Directory while the rest of the metadata needed by Oracle BPM resides in the FDI database managed by Oracle BPM.  Discussed here are recommendations on how and where the directory information should be created, maintained and synchronized to ensure participants have their correct permissions.