Hello,

Using IDM 3.5.1, MAD 2008..

We have an AD Only group that shows live accounts. I can add members
to this group with a simple add member of group... but i would like to
remove them from this group depending on certain conditions. I have
setup the following :

<rule>
<description>Remove users from groups</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-op-attr mode="nocase" name="PerRecordStatus"
op="changing-to">REMOVE</if-op-attr>
</and>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-op-attr mode="nocase" name="PerRecordStatus"
op="changing-to">Leaver</if-op-attr>
</and>
</conditions>
<actions>
<do-clear-dest-attr-value class-name="Group" name="Member"
when="after"/>
</actions>
</rule>

and the rule flows through to the AD remote loader, looks like it does
the remove but the user is still in the group.. I know i have done a
clear, I have also tried removing from the CN=Live Accounts,OU=..... as
well and it does the same delete shows but still a member. What am I
doing wrong ??

Thanks

Jeff


--
Stonej
------------------------------------------------------------------------
Stonej's Profile: http://forums.novell.com/member.php?userid=5381
View this thread: http://forums.novell.com/showthread.php?t=444681