LDAP User & Group sync

Import · Jun 14, 2018 · article

To

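    setManager: function(source, target) {
        var ge = source.getElement(this.manager);
        // Original guard, commented out so that a blank manager value is no longer skipped:
        //if (!ge || ge.isNil())
        //    return;
        // Blank manager value in the import set row: clear the manager on the target record
        if (ge.isNil()) {
            target.manager = '';
        }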

To update the Manager field with the value received from AD when that value is empty or blank (it is stored in the import set table), the script was modified as above: it sets the Manager field to blank when ge holds a blank value for Manager.

It still works when the Manager field changes on the AD side, because the script below remains as is:

        this._getLdapUserUpdate();
        var ldap = new GlideLDAPUserUpdate();
        // Look up the manager for the value received from AD
        var mid = this.ldapUserUpdate.getManagerValue(target, ge.toString());
        if (mid == null)
            return;

        target.manager = mid;

For scenario 2, the Group-User part, all that is required is to check for the system property glide.ldap.allow_empty_group, with choices True/False and the value set to True. If the property does not exist, it needs to be created as below.

[Image: system property record for glide.ldap.allow_empty_group]

This property checks whether the Groups coming in from AD have any User records. Setting the value to True means that all Members are removed from a Group in ServiceNow if they are removed from AD.

If the value is set to False, or the property does not exist, removing all Members from a Group in AD is not reflected in ServiceNow.

Note: This property only matters for Groups that do not have any User members. If a Group has 10 members and 9 of them are removed from AD, they are removed from ServiceNow as well. The issue only arises when the remaining member of that Group is removed from AD, because that remaining user is not removed from ServiceNow. Configuring the above property helps us achieve that.

Hopefully the information in this blog helps you understand LDAP - ServiceNow sync a step further.
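
The edge case in the note, modelled in plain JavaScript as an added example (it is not ServiceNow's sync code and not part of the original post). The function names, the group name and the user names are constructed for illustration; the last helper lists memberships that survive a sync although AD no longer has them.

```javascript
// Model of the sync rule described in this post (constructed for illustration;
// not ServiceNow's LDAP import code). Members are arrays of user names.
function syncGroupMembers(adMembers, snowMembers, allowEmptyGroup) {
  const ad = new Set(adMembers);
  const current = new Set(snowMembers);

  // An empty member list from AD is ignored unless the property is true.
  if (ad.size === 0 && !allowEmptyGroup) {
    return { members: [...current].sort(), removed: [], skipped: true };
  }
  const removed = [...current].filter((u) => !ad.has(u)).sort();
  return { members: [...ad].sort(), removed, skipped: false };
}

// Audit helper: memberships still present in ServiceNow after a sync
// although the directory no longer lists the user in that group.
function staleMemberships(adGroups, snowGroups, allowEmptyGroup) {
  const stale = [];
  for (const [group, snowMembers] of Object.entries(snowGroups)) {
    const adMembers = adGroups[group] || [];
    const result = syncGroupMembers(adMembers, snowMembers, allowEmptyGroup);
    for (const user of result.members) {
      if (!adMembers.includes(user)) stale.push(`${group}:${user}`);
    }
  }
  return stale;
}

// Constructed sample data: the 10-member group from the note.
const tenUsers = Array.from({ length: 10 }, (_, i) => `user${i + 1}`);

// Step 1: AD removes nine members; the removal syncs regardless of the property.
const step1 = syncGroupMembers(["user1"], tenUsers, false);
// Step 2: AD removes the last member; the outcome depends on the property.
const step2Off = syncGroupMembers([], step1.members, false);
const step2On = syncGroupMembers([], step1.members, true);

console.log("removed in step 1:", step1.removed.length);
console.log("property false:", step2Off.members, "property true:", step2On.members);
console.log("stale:", staleMemberships({ "Change Approvers": [] },
  { "Change Approvers": step1.members }, false));
```

With the property unset or False, the last user keeps the group membership, and whatever that group grants in ServiceNow, until someone removes it by hand.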

Thanks,

Jaspal Singh


View original source

https://www.servicenow.com/community/in-other-news/ldap-user-group-sync/ba-p/2267374