Hi Gents,

IDM 3.5.1, MS AD: windows 2K8 R2

I created a policy, when user's attribute is changed in Vault, the AD
driver will add the user's AD account into corresponding AD group,
however, from the log, the result looks successful, but actually the
user's AD account was not added into the AD group, could you please help
to check where I'm wrong? many thanks.

THE POLICY:[/B] <RULE>
<DESCRIPTION>ADD USER INTO PINSAFE GROUPS</DESCRIPTION>
<CONDITIONS>
<AND>
<IF-CLASS-NAME MODE=\"NOCASE\" OP=\"EQUAL\">USER</IF-CLASS-NAME>
<IF-OP-ATTR NAME=\"COMPANYINBOUNDACCESS\" OP=\"CHANGING\"/>
<IF-SRC-ATTR NAME=\"COMPANYADID\" OP=\"AVAILABLE\"/>
</AND>
</CONDITIONS>
<ACTIONS>
<DO-IF>
<ARG-CONDITIONS>
<AND>
<IF-SRC-ATTR MODE=\"NOCASE\" NAME=\"COMPANYINBOUNDACCESS\"
OP=\"EQUAL\">FAMILYEMAILSIMPLE</IF-SRC-ATTR>
</AND>
</ARG-CONDITIONS>
<ARG-ACTIONS>
<DO-SET-OP-DEST-DN>
<ARG-DN>
<TOKEN-GLOBAL-VARIABLE NAME=\"PINSAFEUSERSFAMILYEMAILSIMPLE\"/>
</ARG-DN>
</DO-SET-OP-DEST-DN>
<DO-ADD-DEST-ATTR-VALUE CLASS-NAME=\"GROUP\" DIRECT=\"TRUE\"
NAME=\"MEMBER\">
<ARG-DN>
<TOKEN-GLOBAL-VARIABLE NAME=\"PINSAFEUSERSFAMILYEMAILSIMPLE\"/>
</ARG-DN>
<ARG-VALUE TYPE=\"DN\">
<TOKEN-SRC-DN/>
</ARG-VALUE>
</DO-ADD-DEST-ATTR-VALUE>
</ARG-ACTIONS>
<ARG-ACTIONS/>
</DO-IF>
</ACTIONS>
</RULE>




[B]THE RESULT IS:
[09/15/11 06:26:21.575]:MSLAB ST: Submitting document to subscriber
shim:
[09/15/11 06:26:21.575]:MSLAB ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.11.4904">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="group"
dest-dn="CN=PINSafeUsersBP,OU=Groups,OU=Global,OU=IT-Services,DC=Company-Showcase,dc=Net"
event-id="isxvl662#20110915102621#2#1">
<modify-attr attr-name="member">
<add-value>
<value association-ref="d4425222de39ce4a99c0c4f0ad2f5b16"
type="dn">\STAGEVAULT\Company\People\40142259</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>


--
shisam
------------------------------------------------------------------------
shisam's Profile: http://forums.novell.com/member.php?userid=110115
View this thread: http://forums.novell.com/showthread.php?t=444753