Hi I have mostly copied a rule from the forums to watch for a group
membership change in Active Directory.

Based on and ADD to a group it triggers a user add in eDirectory.

What I would like to do at the same time is add the user to a group in
eDirectory. The group will change based on the group in Active Directory.

I tried adding xml element statement without much luck, I have have been
trying to understand how they work from some some good docs from geoffc

My Rule is this.. I then want to add in the group membership attribute
as part of the syncthentic add based on the group the user was added to
in Active Directory (can anyone help me please.)

Thanks Peter

?xml version="1.0" encoding="UTF-8"?><!DOCTYPE policy PUBLIC
"policy-builder-dtd" "C:\Program Files
(x86)\Novell\Designer\eclipse\plugins\com.novell.i dm.policybuilder_3.0.1.200901050958\DTD\dirxmlscri pt3.6.dtd"><policy>
<description>This Policy is used to manage a SWISLHD attribute in
eDirectory. It was decided to use an attribute over managing group
membership</description>
<rule>
<description>LHD Group Check - Create User if Required</description>
<comment xml:space="preserve">This will determine if the group is
required. Make all changes in the referenced mapping table, this should
allow simple administration. Note GCVs can't be used in the maping
table.</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">group</if-class-name>
<if-src-dn op="in-subtree">~gcv.stafflinkLHDgroups~</if-src-dn>
<if-op-attr name="member" op="changing"/>
</and>
</conditions>
<actions>
<do-if>
<arg-conditions>
<and>
<if-src-dn op="in-subtree">~gcv.stafflinkLHDgroups~</if-src-dn>
</and>
</arg-conditions>
<arg-actions>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">LHD Group - Success - LVR SET
with </token-text>
<token-src-dn/>
</arg-string>
</do-trace-message>
<do-set-local-variable name="LHDSpecialGroup" scope="policy">
<arg-string>
<token-map default-value="not-found" dest="ADGroupName"
src="ADGroupName" table="..\Library\LHDGroupMapping">
<token-src-dn/>
</token-map>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="nocase" name="LHDSpecialGroup"
op="not-equal">not-found</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="LHDspecialGroupAttr" scope="policy">
<arg-string>
<token-map default-value="not-found" dest="eDirGroupName"
src="ADGroupName" table="..\Library\LHDGroupMapping">
<token-src-dn/>
</token-map>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="nocase" name="LHDspecialGroupAttr"
op="not-equal">not-found</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-for-each>
<arg-node-set>
<token-op-attr name="member"/>
</arg-node-set>
<arg-actions>
<do-append-xml-element before="modify[1]" expression=".."
name="sync"/>
<do-set-xml-attr expression="../sync[last()]" name="class-name">
<arg-string>
<token-text xml:space="preserve">user</token-text>
</arg-string>
</do-set-xml-attr>
<do-set-xml-attr expression="../sync[last()]" name="src-dn">
<arg-string>
<token-local-variable name="current-node"/>
</arg-string>
</do-set-xml-attr>
<do-append-xml-element expression="../sync[last()]"
name="association"/>
<do-append-xml-text
expression="../sync[last()]/association[last()]">
<arg-string>
<token-xpath expression="$current-node/@association-ref"/>
</arg-string>
</do-append-xml-text>
</arg-actions>
</do-for-each>
<do-for-each disabled="true">
<arg-node-set>
<token-removed-attr name="member"/>
</arg-node-set>
<arg-actions>
<do-remove-dest-attr-value direct="true" name="Group Membership">
<arg-value>
<token-text
xml:space="preserve">$LHDspecialGroupAttr$</token-text>
</arg-value>
</do-remove-dest-attr-value>
<do-remove-dest-attr-value direct="true" name="Security Equals">
<arg-value>
<token-text
xml:space="preserve">$LHDspecialGroupAttr$</token-text>
</arg-value>
</do-remove-dest-attr-value>
</arg-actions>
</do-for-each>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
<arg-actions/>
</do-if>
<do-veto disabled="true"/>
</actions>
</rule>
</policy>