We have a workflow requesting access permissions for certain folders. These can be requested for single user accounts or AD groups.
If AD groups are used we have a problem. How can we get the common name (cn) or distinguished name? Using the Query User Profile generates an error, using the set variable only SID and description are revealed.
I used the ldap query to get at the cn:
LDAP://DC=XXX, DC=YY
QUERY: ObjectSID=s-1-5-21-1960408961-1958367476-725345543-68844
This works (but is complicated) in s single domain environment. Very complex in a multi domain environment because I guess every single domain needs to be queried.
Is there (or will there be) a more simple way? (like querying the user profile)