Group Attestation Policy Issue

Question

Hello, I am having trouble creating an group attestation policy. I am looking to attest group membership to only a few groups to start and once a member is attested the user should not be attested for 12 months. the procedures, frameworks and schedule seem to be correct, I am having an issue with the condition in the policy. any guidance would be greatly appreciated, here is what I have for the condition. it produces all objects in the groups even if they have been attested to or not. Thank you 
 
 EXISTS 
 ( 
 SELECT 1 FROM 
 (SELECT UID_UNSGroup FROM UNSGroup WHERE (cn = N'GROUPNAME-3') 
 OR (cn = N'GROUPNAME)) as X 
 WHERE X.UID_UNSGroup = UNSAccountInUNSGroupTotal.UID_UNSGroup 
 ) 
 And (Exists (select Top 1 * 
 from AttestationCase 
 where UID_AttestationPolicy='55e96389-2c7a-40ea-9c72-28a290519bad' 
 AND DateHead is Not Null 
 AND DateDiff("d", DateHead, getDate())> 364 
 AND DateDiff("d", DateHead, getDate())< 366 
 AND IsGranted= 1 ) 
 OR NOT EXISTS (select Top 1 * 
 from AttestationCase 
 where UID_AttestationPolicy='55e96389-2c7a-40ea-9c72-28a290519bad' 
 AND DateHead is Null))

JSandhu · Answer

try the below: 
 
EXISTS 
 
( SELECT 1 FROM 
 (SELECT UID_UNSGroup FROM UNSGroup WHERE (cn = N'GROUPNAME-3') 
 OR (cn = N'GROUPNAME)) as X 
 WHERE X.UID_UNSGroup = UNSAccountInUNSGroupTotal.UID_UNSGroup 
) 
 And (Exists (select Top 1 * 
 from AttestationCase 
 where UID_AttestationPolicy='55e96389-2c7a-40ea-9c72-28a290519bad' 
 AND DateHead is Not Null 
 AND DateHead >= DATEADD(day, -365, GETDATE()) 
 AND IsGranted=1) 
 
OR NOT EXISTS (select Top 1 * 
 from AttestationCase 
 where UID_AttestationPolicy='55e96389-2c7a-40ea-9c72-28a290519bad' 
 AND DateHead is Null))

JSandhu · Answer

Coming to think about it, I am pretty sure you cannot have AND and OR both in the whereclause of the Policy, it just doesn't work for some reason. 
Try re-framing your condition with all ANDs, that may help !!!