GetUsersGroupMembership Not Returning Valid LDAP Path?

Jan 14, 2014 at 9:24 AM
Hi All,

I have come accross a small problem when trying to remove a user from a collection if there member groups.

Everything works fine except when coming to "Remove User From Group".

On Assigning the "Group LDAP Path" the runbook fails. Looking at the string returned from "Get Users Group Membership" I can see that it is being prefixed with "DC=<myrootdomainname>".

The problem being that I need to pass an LDAP string to "Remove User From Group" and as the example, shuold look like this:


However as my string returned from "Get Users Group Membership" is:


The "Remove User From Group" fails as I prefix with LDAP:// to convert to a full LDAP path.

Can anyone shed any light on why this is failing please?

Jan 16, 2014 at 3:29 PM
Hey Cavester,

What version of the integration pack are you using

Jan 16, 2014 at 3:57 PM
This should be fixed in the latest version of the IP.
Jan 20, 2014 at 10:02 AM
Thanks for the reply.

I am using 4.1 of the IP. I thought this was the latest version?


Jan 20, 2014 at 3:32 PM
Edited Jan 20, 2014 at 4:29 PM
Hey Lee,

In 4.1 the Object_LDAP_Path output from Get Users Group Membership object properly formats its outputs for other objects (it will publish in the form LDAP://Forest/DN) so you don't need to do any formatting in successive objects
Jan 21, 2014 at 4:32 PM
hmmm, but if I output the Object_LDAP_Path attribute it is in the format, "DC=Contoso/CN=GroupName,OU=Container,DC=Contoso,DC=Com"?
Feb 3, 2014 at 1:49 PM
Ok, got it working but I had to use string replacement on the Object_LDAP_Path to get the desired LDAP path.

All I can think is that there is a problem with LDAP paths that have sub domains or something?

If our domain is then the Object_LDAP_Path is outputting:

"LDAP://,OU=Container,DC=global,DC=Contoso,DC=Com" which does not work when passed to any other successive object.

The DC in bold is obviously wrong and dont know why it is being inserted here. Anyway, string replacement now removes it and all works.


Feb 3, 2014 at 2:16 PM
Interesting! I am not quite sure why its outputting that for child domains, I will try it on some of ours. Thanks for the point out

Sent from Windows Mail

Feb 3, 2014 at 3:03 PM
I have replicated the error internally and found the bug. I will be updating the IP soon
Feb 3, 2014 at 3:06 PM
Excellent, thanks.

Thought I was going mad! :)