In an environment where two domains are both managed by Active Roles, and there is a trust in place between those domains, it is possible to add a member to a cross-domain group using the Active Roles Console, the Active Roles Web Interface, or any other Active Roles client.
However, attempting the same operation using the Add to group or Update activities in a Change Workflow or an Automation Workflow fails with the following error:
Administration Service encountered an error when making changes to the object 'CN=GroupName,OU=Groups,DC=domain,DC=local'. The specified account does not exist. (Exception from HRESULT: 0x80070525)
Cross-domain group management does not function as expected in an Active Roles Workflow.
This issue is being tracked as Defect ID 480069.
STATUS
Defect ID 480069 will be addressed in a future release of Active Roles.
WORKAROUND
Leverage a cross-domain Dynamic Group and use a Workflow to set the inclusion criteria configured on that Dynamic Group.