Recently geoffc submitted a very useful hint about the 9063 error. However, I know that most administrators do not watch their trace files as well as they should, and having trace level set to 3 to see the details will slow down the drivers. If you want to be notified when an IDM -9063 error occurs, but you do not have Audit or Sentinel running, you can use email notifications.
The following code snippet placed in the Publisher Channel Input Transformation Policy Set will detect an error -9063 and send an email complete with the failed user object dn. (The snippet is also attached for easy downloading).
<description>Status Error Handling: User Already Associated</description>
<do-set-local-variable name="lv-dn" scope="policy">
<do-send-email server="mail.company.com" type="text">
<token-text xml:space="preserve">Error 9063 Detected</token-text>
<token-text xml:space="preserve">Error 9063 was detected during a match of user </token-text>
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.