Not really. What's the use case?
I could image that you have a string list with a delimited entries, and you can take one line of it that convert it to another list.
1. "entry1, entry2, entry3"
2. "entry4, entry5, entry6"
3. "entry7, entry8, entry9"
Set User-Defined.StringList2 = List.OfString.Join (User-Defined.StringList2, String.ToStringList (List.OfString.Get (User-Defined.StringList1, 2), ",", " "))
If StringList2 is initially emtpy, the end result would be
or something like that. Haven't tested it
I have a ruleset where I put users who require an exception to the regular policy being applied. The cycle goes into the ruleset if the 'user is in the "user-allowed exceptions" list ' is met. Most of the time these are just 5-10 users that require such exceptions and these are rare. I create a rule in the ruleset and add the users in a new list for the rule. I have 6-7 such rules. Also I add the users to the main "user-allowed exceptions".
I had a case where I had to add users of a distribution group, around 25-30 users in the group. I had to create a list and add the users to the list since distribution groups cannot be retrieved. I was wondering this main "user-allowed exceptions" list will keep growing and growing and it would be difficult to manage. If I could add these sub-lists to the main list , it would be easier to add and remove them.
What about Jon's previous suggestion on the other thread to do LDAP lookups on the distribution groups?
Oops my bad, I didnt realize that Jon meant you could get the distribution groups with LDAP being configured as authentication method. So I will have to change the authentication mechanism to LDAP from NTLM. No other way?
UPDATE: Found Authentication.GetUserGroups<authentication> and used LDAP authentication to get the distribution groups. Thanks for the help.
I think that's how i would do it, too.
There are some slight nuances to doing LDAP vs. NTLM groups.
LDAP will no pick up the Primary Group ("Domain Users", typically). So don't write any rules for that group.
NTLM will not pick up the distribution groups, as you've found.
However, I would somehow want to reduce the number of potential LDAP lookups as much as possible and not for every authenticated user, just to reduce the LDAP chatter to the DC.
In the group lookup rule, i would put a check that only does the GetUserGroups<LDAP> if the site you are going to is one that requires the distribution group lookup.
So a rule like:
URL.Categories contains "Social Networking" AND
Authentication.GetUserGroups<LDAP> contains "My Distribution List Name"
If the first condition is false, then the second condition does not execute and thus does not do the LDAP lookup.
Others in support might offer some tips, but reducing the amount of LDAP requests to the server is always a good thing.
Thanks for the advice. I will definitely keep that in mind.