000031735 - Active Directory Account Collector does not collect AD "Domain Users" group in RSA Via L&G

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031735
Applies ToRSA Product Set: Via Lifecycle & Governance (L&G), Identity Management and Governance (IMG), Aveksa
RSA Version/Condition: 7.0, 6.9, 6.8.1
IssueActive Directory Account Collector does not collect the AD "Domain Users" group.  
The "Domain Users" group is not available to be selected as an Entitlement. 
CauseMicrosoft AD (Active Directory) includes several built in or Default Groups which are different than user define groups.  
The "Users" known as the "Domain Users" group is a default group that all user objects are a member of.  
By default RSA Aveksa and RSA Via L&G does not collect the AD Default Groups such as the "Domain User" group.  
ResolutionThe ability to collect the Default Groups including the "Domain Users" group is an option that can be enabled by selecting the "Collect Primary Group Members" option from the Active Directory Account Collector Group Data configuration screen.  Please note that when selecting this option all AD Default Groups will be collected.
User-added image
NotesNote that this feature was introduced as a hotfix to 6.8.1 and is not available in older versions of the product.  
In order to leverage this feature you must patch to the latest patch level for your version of RSA Aveksa.  
This feature is available in the following versions:
  • RSA Via L&G 7.0 - release version
  • RSA Aveksa 6.9.1 - release version 
  • RSA Aveksa 6.9 - not available, please upgrade to 6.9.1 or later.
  • RSA Aveksa 6.8.1 - patch P12 and later.