NJP

LDAP - Nested Groups - add members to Parent Group as well from child Group

Import · Feb 06, 2019 · article

Hi All,

If you need to add members of child groups to the parent group during an LDAP group import, see the attached file with scripts. All of these scripts are used in the transform map that imports the child groups.

Example: Rob and Chris are members of the Net_OP_UK group, and Mike and Sally are members of the Net_OP_UK group. The requirement is to add these users to the parent group Net_OP as well.

You can use the attached transform map scripts. I created one additional field, "u_granted_by", on the "sys_user_grmember" table. This field tells which child group was responsible for adding the user/member to the parent group (see Picture 2).

Picture 1:

image

Picture 2:

image

Important Points:

1) Make sure users are imported before groups are processed/imported.

2) Make sure the parent group already exists in the system when importing a child group; otherwise ServiceNow will not find the parent and will not be able to add users to the parent group.

3) To achieve point 1, either make sure parent groups are at the top in LDAP, so that ServiceNow processes from top to bottom and all parents are covered before child groups are processed, or create a separate OU for parent groups that is imported before the child groups.

Overall short summary: this post covers the functionality below.

  • All users of a child group should also be members of its parent group.
  • If a member is added to a group, the member is added to its parent group as well.
  • If a member is removed from a group, the member is removed from its parent group as well.
  • If the parent of a group is changed, all child members that the group added are removed from the old parent and added to the new parent.
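
The add, remove and re-parent rules summarized above, modeled as an added JavaScript example (not the attached transform map scripts): an in-memory array stands in for sys_user_grmember, and the function names plus the groups Net_OP_DE and Net_ENG are assumptions made for the demo. It shows why u_granted_by matters for access hygiene: a user removed from one child loses only the parent membership that child granted, and keeps the one granted by another child.

```javascript
// Added example: in-memory stand-in for sys_user_grmember rows.
// Row shape: { user, group, granted_by }; granted_by is null for a direct
// membership, or the name of the child group that caused the parent membership.
// Assumption: one level of nesting (child -> parent), as in the post.
function createDirectory(parents) {
  return { parents: { ...parents }, rows: [] };
}
function hasRow(dir, user, group, grantedBy) {
  return dir.rows.some(r => r.user === user && r.group === group && r.granted_by === grantedBy);
}
// Add to the child, then to its parent, tagging the parent row with the child.
function addMember(dir, user, group) {
  if (!hasRow(dir, user, group, null)) dir.rows.push({ user, group, granted_by: null });
  const parent = dir.parents[group];
  if (parent && !hasRow(dir, user, parent, group)) {
    dir.rows.push({ user, group: parent, granted_by: group });
  }
}
// Remove from the child and drop only the parent row that this child granted.
function removeMember(dir, user, group) {
  const parent = dir.parents[group];
  dir.rows = dir.rows.filter(r => !(r.user === user &&
    ((r.group === group && r.granted_by === null) ||
     (r.group === parent && r.granted_by === group))));
}
// Re-parent: revoke what the child granted on the old parent, grant on the new one.
function changeParent(dir, group, newParent) {
  const oldParent = dir.parents[group];
  dir.rows = dir.rows.filter(r => !(r.group === oldParent && r.granted_by === group));
  dir.parents[group] = newParent;
  const direct = dir.rows.filter(r => r.group === group && r.granted_by === null);
  for (const r of direct) addMember(dir, r.user, group);
}
function membersOf(dir, group) {
  return [...new Set(dir.rows.filter(r => r.group === group).map(r => r.user))].sort();
}
// Constructed data: Net_OP_DE and Net_ENG are made-up group names for this demo.
function demo() {
  const dir = createDirectory({ Net_OP_UK: "Net_OP", Net_OP_DE: "Net_OP" });
  addMember(dir, "Rob", "Net_OP_UK");
  addMember(dir, "Chris", "Net_OP_UK");
  addMember(dir, "Rob", "Net_OP_DE");
  removeMember(dir, "Rob", "Net_OP_UK"); // Rob stays in Net_OP via Net_OP_DE
  const afterRemove = membersOf(dir, "Net_OP");
  changeParent(dir, "Net_OP_UK", "Net_ENG"); // Chris moves with Net_OP_UK
  return { afterRemove, oldParent: membersOf(dir, "Net_OP"), newParent: membersOf(dir, "Net_ENG") };
}
console.log(demo());
```
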

Please let me know if it was helpful. Also let me know if any improvement is required or if you found anything wrong with it.

Regards

Ramandeep

View original source

https://www.servicenow.com/community/itsm-articles/ldap-nested-groups-add-members-to-parent-group-as-well-from/ta-p/2311365