LDAP Group Sync Leaving Member in Empty Groups

normanks
Kilo Contributor

I have a pretty standard group sync with LDAP set up using the ldapUtils.addMembers(source, target); line to handle membership syncing in the onAfter section of our data pull, but I am having issues with empty groups. Whenever a group becomes empty in Active Directory, it leaves whoever the last member was in the group rather than making it empty in ServiceNow also. I've made up a fix for it by adding some script to the onAfter event that looks for where source.u_member.toString() is empty and removes all group assignments, but this seems a little backwards and it also seems odd that I haven't been able to find another thread yet discussing this issue.

So I guess I mostly just want a sanity check before I roll this fix into production. Is the ldapUtils.addMembers function supposed to be leaving the last member in a group? Am I missing a standard config setting that would properly empty the group? I could only find one discussion from 2013 about it that never really got answered very well.
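As an added illustration (this is not code from the thread, from normanks' fix, or from ServiceNow's own ldapUtils), the following plain Node.js script models the membership reconciliation step that a group sync has to perform, including the edge case the question raises: an import row whose member attribute is empty. The security point is that a member left behind after removal from the AD group keeps whatever access that ServiceNow group grants. The script returns a plan of adds and removes instead of writing sys_user_grmember records, and the `allowEmptyGroup` flag models the effect attributed in this thread to the glide.ldap.allow_empty_group property; the `;` delimiter, the DN format, and all sample data are assumptions constructed for the example.

```javascript
// Added example: models the reconciliation an LDAP group sync performs.
// Plain Node.js; GlideRecord writes are replaced by a returned change plan.

// Parse the raw member attribute as it arrives on the import set row
// (what source.u_member.toString() yields). The ";" delimiter is an
// assumption for this example; the thread only says the value is empty
// when the AD group is empty.
function parseMembers(rawMember, delimiter) {
  var sep = delimiter || ";";
  if (rawMember === null || rawMember === undefined) return [];
  return String(rawMember)
    .split(sep)
    .map(function (dn) { return dn.trim(); })
    .filter(function (dn) { return dn.length > 0; });
}

// Compute the changes needed to make the ServiceNow group match LDAP.
//   sourceMembers   - DNs from the LDAP row (may be empty)
//   currentMembers  - DNs currently assigned to the group in ServiceNow
//   allowEmptyGroup - models glide.ldap.allow_empty_group
// When the source is empty and allowEmptyGroup is false, the group is left
// untouched: this is the stale-last-member behaviour described in the thread.
// With allowEmptyGroup true, every current member is scheduled for removal.
function planGroupSync(sourceMembers, currentMembers, allowEmptyGroup) {
  var want = new Set(sourceMembers);
  var have = new Set(currentMembers);

  if (want.size === 0 && !allowEmptyGroup) {
    return { add: [], remove: [], skipped: true };
  }
  var add = [];
  var remove = [];
  have.forEach(function (dn) { if (!want.has(dn)) remove.push(dn); });
  want.forEach(function (dn) { if (!have.has(dn)) add.push(dn); });
  return { add: add.sort(), remove: remove.sort(), skipped: false };
}

// Mirrors the onAfter flow: raw attribute in, change plan out.
function syncFromRow(rawMember, currentMembers, allowEmptyGroup) {
  return planGroupSync(parseMembers(rawMember), currentMembers, allowEmptyGroup);
}

// Constructed sample data (hypothetical DNs): a group that currently has two
// members, one row where AD now reports it empty, one where only alice remains.
const CURRENT = [
  "CN=alice,OU=Users,DC=example,DC=com",
  "CN=bob,OU=Users,DC=example,DC=com"
];
const EMPTY_ROW = "";
const ONE_MEMBER_ROW = "CN=alice,OU=Users,DC=example,DC=com";

console.log("empty row, property unset :", JSON.stringify(syncFromRow(EMPTY_ROW, CURRENT, false)));
console.log("empty row, property true  :", JSON.stringify(syncFromRow(EMPTY_ROW, CURRENT, true)));
console.log("one member, property true :", JSON.stringify(syncFromRow(ONE_MEMBER_ROW, CURRENT, true)));
```

The first call reproduces the symptom from the question (nothing is removed, `skipped` is true); the second shows the plan once empty groups are permitted (both members removed); the third shows an ordinary partial removal, which works either way because the source list is non-empty. A dry run of this kind over a real export of group rows is a cheap way to confirm how many groups are carrying stale members before changing the sync in production.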

1 ACCEPTED SOLUTION

Hi John

There is a System Property to allow 0 members in groups!

Instructions I got from ServiceNow support:

- Go to the sys_properties table
- Click New.
- Complete the form as follows:
  - Name: glide.ldap.allow_empty_group
  - Description: Allow empty group
  - Leave Choice field blank
  - Type: true|false
  - Value: true
  - Click Submit.

This is documented on this KB article: KB0533747
-- https://hi.service-now.com/kb_view.do?sysparm_article=KB0533747

regards

Marc


davidfield
Kilo Contributor

Just to add, the KB article is not available, but this was the content:

The content of the KB is set to internal only, however, it is shown that it has been fixed in Eureka.

Below I have listed the content of the KB:

------------------------------------------------------------------------------------------------------------------------

When emptying a security group in AD - SN does not reflect and remove members until the next update to AD [Groups must have at least one member]

Description

When removing all members of a group in AD, the same group in SN is not updated as being empty.

It is only updated when a change to the group in AD is made--for example, adding a member to the group again.

Steps to Reproduce [NONE]

Workaround

There is no workaround for this Known Error at this time.