ih, i want add every new active directory users to a default group in
ad. what i have to do? i have written this rule:

<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>SetDefaulGroup</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">add</if-operation>
</and>
</conditions>
<actions>
<do-add-dest-attr-value name="Member">
<arg-dn>
<token-parse-dn src-dn-format="ldap">
<token-text
xml:space="preserve">CN=IT-TSURF-Global,OU=TSURF,OU=IT,OU=Service
Accounts,DC=EUDIR,DC=GRPLEG,DC=COM</token-text>
</token-parse-dn>
</arg-dn>
<arg-value type="string">
<token-dest-dn/>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>
</policy>

When i create a new users in IDV the new user in AD is created and no
error given in a level 3 trace but the user is not present between the
gruop's members. Where is the error?

thanks!


--
luca.mayer