I want to move users to different OU's and to remove group membership
from old OU and give group membership in new OU based on title attribute.
The users are moved in eDirectory and synchronized with AD. All group
memberships are on the AD side only. No groups are the same in
eDirectory. Below is my rule for a modify assign group membership. It
works great everytime:

My question- Can I use <remove-destination-attribute-value> to remove old
group membership from user? I only want to remove group membership that
is local to OU not on a global membership like domain user. Where would I
put it? Command Transformation? And what operation would I use to
destinguish a move from a modify since a "MOVE" is not recognized in this
case? I have tried to use a variation of the rule below and it does not
work because dest-dn is the new dn. I need to remove the old dn (group).
Any help is greatly appreciated. Thanks..Rob.

<rule>
<description>Modify teacher to default local groups (SUB)
</description>
<conditions>
<and>
<if-src-dn op="in-subtree">nisd\Schools</if-src-dn>
<if-operation op="equal">modify</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-attr name="Title" op="equal">teacher</if-attr>
</and>
<and>
<if-src-dn op="in-subtree">nisd\Schools</if-src-dn>
<if-operation op="equal">modify</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-attr name="Title" op="equal">CIT</if-attr>
</and>
</conditions>
<actions>
<do-set-local-variable name="schoolContainer"
scope="policy">
<arg-string>
<token-parse-dn dest-dn-format="ldap"
length="-3" src-dn-format="ldap">
<token-src-attr name="L">
<arg-dn>
<token-src-dn length="-2"/>
</arg-dn>
</token-src-attr>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="schoolOU">
<arg-string>
<token-parse-dn dest-dn-format="ldap" src-dn-
format="ldap" start="3">
<token-local-variable name="schoolContainer"/>
</token-parse-dn>
</arg-string>
</do-set-local-variable>
<do-add-dest-attr-value class-name="Group"
name="Member">
<arg-dn>
<token-text xml:space="preserve">CN=</token-text>
<token-substring start="3">
<token-local-variable name="schoolOU"/>
</token-substring>
<token-text xml:space="preserve">Teachers-GS
</token-text>
<token-text xml:space="preserve">,OU=Groups,
</token-text>
<token-local-variable name="schoolContainer"/>
<token-text
xml:space="preserve">,dc=northside,dc=isd,dc=tenet ,dc=edu</token-text>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-add-dest-attr-value>
<do-add-dest-attr-value class-name="Group"
name="Member">
<arg-dn>
<token-text xml:space="preserve">CN=
</token-text>
<token-substring start="3">
<token-local-variable
name="schoolOU"/>
</token-substring>
<token-text xml:space="preserve">Staff-GS
</token-text>
<token-text
xml:space="preserve">,OU=Groups,</token-text>
<token-local-variable
name="schoolContainer"/>
<token-text
xml:space="preserve">,dc=northside,dc=isd,dc=tenet ,dc=edu</token-text>
</arg-dn>
<arg-value type="dn">
<token-src-dn/>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>