diff --git a/CHANGELOG.md b/CHANGELOG.md
index 830c8bc..c72032a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -45,3 +45,7 @@
 * 1.3.0 -- 2024-08-29
   - group-assignment
     - add ldap_group option to the settings to be used for EDL u- groups
+
+* 1.3.1 -- 2024-10-31
+  - group-assignment
+    - remove bad [DynamicDN] from memberUid for group
diff --git a/common/version.tf b/common/version.tf
index 08f3f68..e4a1130 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.3.0"
+  _module_version = "1.3.1"
 }
diff --git a/group-assignment/users.tf b/group-assignment/users.tf
index 83cbd97..cea9c08 100644
--- a/group-assignment/users.tf
+++ b/group-assignment/users.tf
@@ -32,7 +32,7 @@ data "aws_identitystore_user" "users" {
 
 locals {
   ldap_groups_base_dn = "o=U.S. Census Bureau,c=US"
-  ldap_groups_members = distinct(flatten([for k, v in data.ldap_object.ldap_groups : [for m in jsondecode(lookup(v.attributes_json, "memberUid", "")) : m if ! startswith(m, "p-")]]))
+  ldap_groups_members = distinct(flatten([for k, v in data.ldap_object.ldap_groups : [for m in jsondecode(lookup(v.attributes_json, "memberUid", "")) : m if ! startswith(m, "p-") && (m != "[DynamicDN]")]]))
 }
 
 data "ldap_object" "ldap_groups" {