We have a eDir to eDir driver setup that consolidates many groups to
one. From our PROD tree to our VAULT.

Each time a group membership is reduced we have been clearing the
destination attribute value groupmembership in the Vault and then for
each Source attribute GroupMembership add the remaining groupmembership
back as a destination. Done as a command policy in the Subscriber

Worked great. All groups deleted and rebuilt.

Now I have some uniq groups in my VAULT that are not in the PROD tree.
And I don't want to delete these memberships from the user object.
These new groups only exist in OU=ROLES-GRPS

The thought was to use a for each Destination Attribute(GroupMembership)
loop and then for each current-node perform a regular expression check
to see if the string did not contain ou=ROLES-GRPS and if not, issue a
remove destination attribute value(Groupmembership,

But this isnt' working. The value's in current-node seem to be from the
source. How do I get them in destination format?

I'm not grasping something here.


ncisrael's Profile: https://forums.netiq.com/member.php?userid=769
View this thread: https://forums.netiq.com/showthread.php?t=51763