Managing AD Group Memberships

This topic has 1 reply, 2 voices, and was last updated 3 months, 1 week ago by timfeldmann.

  • Author
  • #28017

    We want to implement IDM to manage accounts and group memberships in AD. We became aware of an IDM behavior which I hope is not true. It is about managing account group membership during a migration to IDM.

    Suppose an existing AD account is a member of groups A, B, C and D. Now we’re introducing IDM and creating roles. We assign a role to the corresponding user that includes, via assignment, membership of group A in AD. After reconciliation we noticed that the account remains a member of A BUT it removes groups B, C and D (NO!!).

    Is there a setting/way to prevent this behaviour? It should initially leave untouched the AD group memberships that are not managed by IDM.



    How are you syncing the AD group membership based on the role assignment? User / memberOf property or group / member property?


©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
