Hi Pushpa,
following are some more details:
When CA EEM is linked via LDAP to AD, all the details of users (full name, location, email, tel number, ....) which are defined in AD are also visible in CA EEM. But this is solely a real time link to AD - none of these users is created in CA EEM.
You can see these users and details as "Global Users", but you cannot modify, add, delete anything in CA EEM - it is a link only to AD.
When you add a user in CA SOI to a group, an "Application User" is created in CA EEM. This is fully editable, e.g. you can perform modifications directly in CA EEM, but they are only in the context of SOI (group membership). There are no user-details (email, ...) stored with this user. All that information is linked as explained above as "Global User Details" directly from AD.
The information kept in the CA SOI Database (tables user*) is only a link to the CA EEM user; no further details about the user is directly stored in the CA SOI DB.
The validation of userid/password is forwarded from CA EEM to AD; CA EEM does not perform this validation. This also means, if the link between CA EEM and AD is down, the user will not be able to logon.
I hope this answers your question.
MichaelBoehm