On a modify event within the NetIQ IDM Engine, the destination DN is not available as it is on an add event. This is because the object is already associated with a corresponding object in the connected system.
I ran into a situation where I needed to add the user in the current input document to a group in Active Directory. This requires finding the user’s DN in the connected system and then adding that DN in the member attribute for that group.
There is a Resolve token that will look up a DN based on an association, or look up an association based on a DN.
Below is an example of this being done. We are setting a local variable to contain the DN of the user by using the Resolve Token.
We then take that local variable and use it to add the user to an existing group in Active Directory, or whatever the connected system is.
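The two steps described above, written out as a DirXML Script rule. This is an added example, not the author's original policy. It assumes the rule runs on the Subscriber channel after schema mapping (so class and attribute names are in the Active Directory namespace), and the variable name `userDestDN` and the group DN are placeholders.

```xml
<rule>
  <description>Add the modified user to an AD group (added example)</description>
  <conditions>
    <and>
      <if-operation mode="nocase" op="equal">modify</if-operation>
      <if-class-name mode="nocase" op="equal">user</if-class-name>
      <!-- Resolve needs an association to work from -->
      <if-association op="associated"/>
    </and>
  </conditions>
  <actions>
    <!-- Step 1: resolve the association on the current operation
         to the user's DN in the connected system (dest datastore) -->
    <do-set-local-variable name="userDestDN" scope="policy">
      <arg-string>
        <token-resolve datastore="dest">
          <arg-association>
            <token-association/>
          </arg-association>
        </token-resolve>
      </arg-string>
    </do-set-local-variable>
    <!-- Only write the membership if the lookup returned a DN,
         so an empty value is never sent to the member attribute -->
    <do-if>
      <arg-conditions>
        <and>
          <if-local-variable mode="nocase" name="userDestDN" op="not-equal"/>
        </and>
      </arg-conditions>
      <arg-actions>
        <!-- Step 2: add the resolved DN to the group's member attribute.
             The group DN below is a placeholder. -->
        <do-add-dest-attr-value class-name="group" name="member">
          <arg-dn>
            <token-text xml:space="preserve">CN=ExampleGroup,OU=Groups,DC=example,DC=com</token-text>
          </arg-dn>
          <arg-value type="string">
            <token-local-variable name="userDestDN"/>
          </arg-value>
        </do-add-dest-attr-value>
      </arg-actions>
    </do-if>
  </actions>
</rule>
```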