Hi,

I work on a AD driver that only syncronizes users fra IDV to AD. In addition
I want to make the AD users members of some AD groups. I've tried several
things but with no luck. First i tried to put this DXML script in the
Subscriber Creation policy:

<rule>
<description>AD groups</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">user</if-class-name>
</and>
</conditions>
<actions>
<do-add-dest-attr-value class-name="group" name="member" when="after">
<arg-dn>
<token-text
xml:space="preserve">CN=grpTerminalServerUsersAdm, OU=Ansatt,OU=Grupper,DC=fsjo,DC=net</token-text>
</arg-dn>
<arg-value type="dn">
<token-text xml:space="preserve">CN=Svein
Kran,OU=Elev,OU=Personer,DC=fsjo,DC=net</token-text>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>

Second I tried to put this stylesheet in the output transform:

<xsl:template match="add">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
<modify class-name="Group"
dest-dn="CN=grpTerminalServerUsersAdm,OU=Ansatt,OU=Grup per,DC=fsjo,DC=net">
<modify-attr attr-name="member">
<add-value>
<value>
CN=Svein Kran,OU=Elev,OU=Personer,DC=fsjo,DC=net
<!-- <xsl:value-of select="@dest-dn"/> -->
</value>
</add-value>
</modify-attr>
</modify>
</xsl:template>

I did seen something like this in the trace with both approach:

<modify class-name="Group"
dest-dn="CN=grpTerminalServerUsersAdm,OU=Ansatt,OU=Grup per,DC=fsjo,DC=net">
<modify-attr attr-name="member">
<add-value>
<value>
CN=Svein Kran,OU=Elev,OU=Personer,DC=fsjo,DC=net
</value>
</add-value>
</modify-attr>
</modify>

Can anyone help me with this one. What am I missing?

--
Frode Sjovatsen