Symantec Identity Management

Expand all | Collapse all

Assign AD Group membership via Policy Xpress - changes for IM R14.1

  • 1.  Assign AD Group membership via Policy Xpress - changes for IM R14.1

     
    Posted 10-19-2017 06:58 AM

    We use Policy Xpress to set users as member of an active directory groups.
    After upgrade to IM R14.1 we started to get errors like the following one assigning memberships:
    A JSONObject must begin with '{' at character 1 of ADSGroup=....

     

    This is due to a syntax change introduced in 14.1.
    The groupmembership value, used for the action tab into policy xpress,has to be passed as a JSON structure.
    For example:

     

    {"memberOf":"ADSGroup=TestGroup,ADSOrgUnit=OU1,ADSOrgUnit=Development,EndPoint=MYAD,Namespace=ActiveDirectory,Domain=im,Server=Server"}

     

    instead of
     
    ADSGroup=TestGroup,ADSOrgUnit=OU1,ADSOrgUnit=Development,EndPoint=MYAD,Namespace=ActiveDirectory,Domain=im,Server=Server

     

    This is related to the introduction of the Active Directory Time Bound Membership.
    Please refer to the following online #documentation for more details.

     

    https://docops.ca.com/ca-identity-manager-and-governance-connectors/1-0/EN/connectors/microsoft-connectors/microsoft-active-directory-microsoft-exchange-and-microsoft-lync/active-directory-time-bound-membership

     

    Hope this may be useful.

     

    Regards

    Fabrizio



  • 2.  Re: Assign AD Group membership via Policy Xpress - changes for IM R14.1

    Posted 10-20-2017 03:12 PM

    Thank you for sharing this tip with the community!

    Assign AD Group membership via Policy Xpress - changes for IM R14.1