Removing Users from Groups

emytjls
Kilo Explorer

We're in the process of setting up LDAP integration. On the "LDAP Group Import" Transform Map there is a Transform Script that runs "onAfter" to add members to groups using the line "ldapUtils.addMembers(source, target)". My issue is that when I remove users from a group in Active Directory they are not removed from the group in ServiceNow. Is there an easy way to implement this functionality?


Mike McCall
Giga Guru

That addMembers function should actually remove users, as well, but I've found one issue with its code: because it requires at least one user in order to run, it can't remove all users from a group. If all members of a group are removed in AD, Service-Now can remove all but one before that function stops running, so there will always be one member of any group left in S-N.

I opened an incident ticket on the HI server concerning this, and it was escalated to a [currently open] problem. As a workaround, you can just manually remove that final "stuck" user in S-N, and they won't be re-added by LDAP (since they're not present in AD).


ravi1_tandon
Kilo Guru

In order to resolve this problem without manually removing the user, you can create another "OnAfter" script in the transform script and give it an order value that is higher than all the other scripts, so that it runs after all the other scripts have been added.


I like this idea, but I'm not sure how you would code it. You still wouldn't be able to call the addMembers() function because of the same issue; could you use just the following part of that function?



var group = new Packages.com.glide.sys.ldap.LDAPGroups(target, ge.toString());
group.setMembers();
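
One way to code the extra onAfter script discussed above, as an added example that is not from the original posts or from ServiceNow's own LDAPUtils code. The function name, the `u_member` column name and the "ldap:" prefix on the group's `source` field are assumptions; `GlideRecord` is passed in as a parameter so the function can be exercised outside an instance.

```javascript
// Hypothetical helper for an extra onAfter transform script (high Order value).
// Assumptions: the import-set column with the AD member list is u_member, and
// LDAP-imported groups have a sys_user_group.source value starting with "ldap:".
function removeLeftoverMembers(source, target, GlideRecordCtor) {
    var members = source.getValue('u_member');
    if (members !== null && String(members).replace(/\s/g, '') !== '') {
        return 0; // AD still lists members: leave the work to ldapUtils.addMembers()
    }

    // Touch only groups that came from LDAP, so locally managed groups
    // are never emptied by an import row with a blank member column.
    var origin = String(target.getValue('source') || '');
    if (origin.indexOf('ldap:') !== 0) {
        return 0;
    }

    var groupId = target.getValue('sys_id');
    if (!groupId) {
        return 0; // without a group filter the delete loop would hit every membership
    }

    var removed = 0;
    var gm = new GlideRecordCtor('sys_user_grmember');
    gm.addQuery('group', groupId);
    gm.query();
    while (gm.next()) {
        gm.deleteRecord(); // removes the membership row, not the user record
        removed++;
    }
    return removed;
}

// In the transform script itself (commented out so the block also loads outside an instance):
// removeLeftoverMembers(source, target, GlideRecord);
```

When the member column is empty this removes every membership of the LDAP-sourced group, including any that were added by hand in ServiceNow.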


Michael,



Was your incident solved? Or if we have only 1 member left in the group, does it still maintain this user?



Thanks,