OU Definition in LDAP Integration not retrieving group members

04-21-2022 06:01 AM
Hello ServiceNow team, hope all is well!
I have a question regarding integration with LDAP and Active Directory.
I currently integrated ServiceNow with a client's Active Directory and have defined two LDAP OU Definitions, one for the groups and one for the users.
My group LDAP OU Definition has an RDN built like this:
OU=ServiceNowGRPs, OU=Systems Service Accounts
The first OU (ServiceNowGRPs) is a subfolder that resides within a parent folder/OU (Systems Service Accounts).
It is retrieving the groups correctly when I browse and also when I run a scheduled job designated to import the groups into ServiceNow.
My user LDAP OU Definition has an RDN built like this:
OU=ISC-Emp, OU=MODA-ISC
It is retrieving the users when I browse, but when I run the scheduled job it does not retrieve any users, which is my first issue.
My second and main issue is that when retrieving, I retrieve the groups, then I retrieve all users to remediate the first issue, but the groups show up empty with no users in them even though on the Active Directory there are users in those groups.
Any ideas/documentation/suggestions would be highly appreciated.
Best Regards,

04-21-2022 06:11 AM
A few things to check:
Do you have the source field on the user record mapped?
Do you have an OnStart transform map script?
gs.include("LDAPUtils");
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);
Do you have an OnAfter transform script?
ldapUtils.addMembers(source, target);
Refer to https://community.servicenow.com/community?id=community_question&sys_id=9ac9d1fcdb0f1c54fa192183ca961986

04-21-2022 06:54 AM
Hello Mike, I have checked what you've mentioned and it seems I am missing the OnAfter transform script. Should it be against my LDAP User import transform map?

04-21-2022 07:14 AM
Also, Mike, I have realized that when I browse the users sitting on the client's AD, there is no "member of" attribute, nor is there a "members" attribute when I browse the groups. I believe that could be my issue. What do you think?

04-21-2022 10:51 AM
The member attribute is fine. The OnAfter script is for the Group Transform Map. Also make sure the source field is not getting cut off on the user record; it needs to be full. Share some screenshots of users with the source field and screenshots of the group transform maps.
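
Added example (not part of the thread and not ServiceNow's own code): a stand-alone Node.js check for the last reply's point about the source field, classifying each DN in a group's member list as matched, matched only by a cut-off source value, or not imported. It assumes a user's source value is "ldap:" followed by the full DN and that group member values are full DNs; the function name, user names and DC components are constructed for illustration.

```javascript
// Assumption: an LDAP-imported user's source value is "ldap:" + the user's full DN.
const LDAP_PREFIX = "ldap:";

// Classify each DN from a group's member list against the source values
// found on user records (hypothetical helper, exact string comparison).
function auditGroupMembers(memberDns, userSources) {
  const sourceDns = userSources
    .filter((s) => typeof s === "string" && s.startsWith(LDAP_PREFIX))
    .map((s) => s.slice(LDAP_PREFIX.length))
    .filter((dn) => dn.length > 0);
  const exact = new Set(sourceDns);
  const report = { matched: [], truncated: [], missing: [] };
  for (const dn of memberDns) {
    if (exact.has(dn)) {
      report.matched.push(dn); // full DN present: membership can resolve
    } else if (sourceDns.some((s) => dn.startsWith(s))) {
      report.truncated.push(dn); // a source value is a cut-off prefix of this DN
    } else {
      report.missing.push(dn); // no user record carries this DN at all
    }
  }
  return report;
}

// Constructed sample data: OU names follow the question, the rest is made up.
const BASE = "OU=ISC-Emp,OU=MODA-ISC,DC=example,DC=com";
const sampleMembers = [
  "CN=Alice Example," + BASE,
  "CN=Bob Example," + BASE,
  "CN=Carol Example," + BASE,
];
const sampleSources = [
  "ldap:CN=Alice Example," + BASE,        // complete source value
  "ldap:CN=Bob Example,OU=ISC-Emp,OU=MOD", // source value cut off
  "",                                      // local, non-LDAP user
];

const sampleReport = auditGroupMembers(sampleMembers, sampleSources);
console.log(JSON.stringify(sampleReport, null, 2));
```

A group whose members all land in `truncated` or `missing` would show up empty after import, which matches the symptom described in the question.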