• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 93 subscribers
  • Views 7141 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do you add/delete AD group memberships using a script

Eric Dau
over 7 years ago

I am trying to write a script (or can use process step) that will remove all of a person's AD group memberships when an attribute changes.  The script I wrote identifies the correct groups but just running a delete on the ADSAccountinADSGroup record is not working.  A sql trace on the session is showing an insert into dialogprocess prior to the delete statement running when using Manager to remove the group but I can only see the bind variables, not the actual values being inserted.

Does anyone know how to accomplish this or another way it can be done?

Thanks

Eric 

Parents
  • 0 over 7 years ago

    Maybe you could post you script to help you out as deleting a group membership is normally no problem at all.

    Forgive me my stupid questions but just some more areas to check as I never seen that before.

    • Is the AD domain the group is from set to be synchronized by Identity Manger and not set to be read-only?
    • What is the property FullSyncState of the entries in ADSAccountInADSGroup and ADSAccountInADSGroupTotal set to?
Reply
  • 0 over 7 years ago

    Maybe you could post you script to help you out as deleting a group membership is normally no problem at all.

    Forgive me my stupid questions but just some more areas to check as I never seen that before.

    • Is the AD domain the group is from set to be synchronized by Identity Manger and not set to be read-only?
    • What is the property FullSyncState of the entries in ADSAccountInADSGroup and ADSAccountInADSGroupTotal set to?
Children
No Data