Google Driver - Move User to OU causing 400 Bad Request: INVALID_OU_ID

Hi,

I am trying to perform a user move to another Google OU whe their department or cost center changes.

However I am receiving 400 Bad Request for the user move operation.

I had double confirmed the Destination OU is there. I am not doing any OU Mirroring.

Screenshot 2020-01-23 at 3.51.17 PM.png

My DIRXML Rule is as follow

<rule>

<description>Move User to the right Google OU when Department or Cost Center is changing</description>

<comment xml:space="preserve">Move User to the right Google OU when Department (jabatanSekarang) or Cost Center change (costCenter) attribute is changing</comment>

<conditions>

<or>

<if-op-attr name="jabatanSekarang" op="changing"/>

<if-op-attr name="costCenter" op="changing"/>

</or>

</conditions>

<actions>

<do-move-dest-object>

<arg-dn>

<token-map dest="G-Org" src="Cost-Center" table="..\User Placement Mapping Table">

<token-op-attr name="costCenter"/>

</token-map>

<token-op-attr name="jabatanSekarang"/>

<token-text xml:space="preserve">\</token-text>

<token-src-name/>

</arg-dn>

</do-move-dest-object>

</actions>

</rule>

Attached the ndstrace for the error.

Parents
  • Verified Answer

    Hi!

    You should only specify the org unit DN on move, not the full new DN of the user.

    Try the following updated rule:

    <rule>

    <description>Move User to the right Google OU when Department or Cost Center is changing</description>

    <comment xml:space="preserve">Move User to the right Google OU when Department (jabatanSekarang) or Cost Center change (costCenter) attribute is changing</comment>

    <conditions>

    <or>

    <if-op-attr name="jabatanSekarang" op="changing"/>

    <if-op-attr name="costCenter" op="changing"/>

    </or>

    </conditions>

    <actions>

    <do-move-dest-object>

    <arg-dn>

    <token-map dest="G-Org" src="Cost-Center" table="..\User Placement Mapping Table">

    <token-op-attr name="costCenter"/>

    </token-map>

    <token-op-attr name="jabatanSekarang"/>

    </arg-dn>

    </do-move-dest-object>

    </actions>

    </rule>

Reply
  • Verified Answer

    Hi!

    You should only specify the org unit DN on move, not the full new DN of the user.

    Try the following updated rule:

    <rule>

    <description>Move User to the right Google OU when Department or Cost Center is changing</description>

    <comment xml:space="preserve">Move User to the right Google OU when Department (jabatanSekarang) or Cost Center change (costCenter) attribute is changing</comment>

    <conditions>

    <or>

    <if-op-attr name="jabatanSekarang" op="changing"/>

    <if-op-attr name="costCenter" op="changing"/>

    </or>

    </conditions>

    <actions>

    <do-move-dest-object>

    <arg-dn>

    <token-map dest="G-Org" src="Cost-Center" table="..\User Placement Mapping Table">

    <token-op-attr name="costCenter"/>

    </token-map>

    <token-op-attr name="jabatanSekarang"/>

    </arg-dn>

    </do-move-dest-object>

    </actions>

    </rule>

Children
No Data