Hi

I would like to add users to groups when they are provisioned to the Active
Directory from the IDVAULT.

I have plaed the following code on the Command Transformation Policy of the
driver's Subscriber channel:

<rule>

<description>IT Group Membership</description>

<conditions>

<and>

<if-src-attr mode="nocase" name="OU" op="equal">IT</if-src-attr>

</and>

</conditions>

<actions>

<do-set-dest-attr-value name="Group Membership">

<arg-value>

<token-text xml:space="preserve">cn=GRP STAFF
IT,OU=Groups,DC=testdomain,dc=com</token-text>

</arg-value>

</do-set-dest-attr-value>

</actions>

</rule>


However, whe I create a user with its' OU attribute set to 'IT' the
membership is not updated. Why is this? Is my code wrong?


This is on IDM3/NW6.5 BTW.

Thanks

Nelson