Will try to answer the first two questions, i have no idea on the 3rd one:
- So regarding the above comment - I've noticed when you import the PROD SSO to DR SSO your AD accounts are dropped or not added to the DR SSO and you have to add them back. What's even stranger when your all done with the DR build and you export the DR SSO and import to the PROD SSO it removes the AD accts you had manually added to the PROD SSO? That seems like a bug? Why does this happen? You have to remember after each import of SSO to manually add back in your AD accounts? Not effecient in my opinion.
This should not happen. Post the export of Prod SSO and import to DR SSO, once the DR SSO is setup and exported back to PROD, both SSO should have the same data.
"2.I've noticed after importing the PROD SSO to DR the password policy at the DR site has been modified to reflect the password policy at the PROD site SSO. May be normal but unexpected considering question 1 above. Seems like some aspects of SSO manaul replication is tightly integrated while others like preserving company domain accts are not?"
Password policy will be replicated along with users.