Security Audit Log & Central User Administration

What does the Security Audit Log record, and which transactions configure and analyze it?

How does the LDAP connector relate to CUA, and what does SAP NetWeaver IdM add?

Which transactions activate CUA and control its per-field user distribution?

How are existing child-system users brought into CUA, and how is CUA removed?

Which parameters activate and size the Security Audit Log?

What does Central User Administration (CUA) do, and what changes after setup?

What does the User Information System (SUIM) analyze, and what is special about change documents?

In current SAP systems, which transactions replaced SM19 and SM20 for the Security Audit Log?