We have two groups I'm trying to manage, Allow Internet Access and Deny Internet Access. I am trying to set up a group so that if one of our admins adds a user to the Deny group, the users is automatically removed from the Allow group.
To do this I have created a rule:
After Updating a User:
if the user is located under "users" container AND
The user is a member of the "deny internet access" group AND
the users is a member of the "allow internet access" group then
Remove the user from the "allow internet access" group.
My problem is that when I add a user to the deny group, this rule is not triggered. If I update other properties of a user, it works fine.
Does adding / removing groups not count as updating a user? And if so, what should I use?