000031735 - The Active Directory Account Collector does not collect the AD Domain Users Group in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 21, 2020
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000031735
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 6.8.1
 
IssueThe Active Directory Account Collector does not collect the Active Directory Domain Users group. Because this group is not collected, it is not available in RSA Identity Governance & Lifecycle to be selected as an entitlement.
 
CauseMicrosoft AD (Active Directory) includes several built-in or default groups which are different than user-defined groups. The Users known as the Domain Users group is a default group that all user objects are a member of.  

By default RSA Identity Governance & Lifecycle does not collect the AD default groups such as the Domain Users group.
 
ResolutionThe ability to collect the default AD groups including the Domain Users group is a new feature added to RSA Identity Governance & Lifecycle in the following versions and patch levels:
  • RSA Identity Governance & Lifecycle 6.8.1 P12
  • RSA Identity Governance & Lifecycle 6.9.1
  • RSA Identity Governance & Lifecycle 7.x
Once upgraded, to access the feature go to Collectors > Account Collectors > {AD Account Collector} > Edit > scroll through the pages with the Next button until the Group Data screen is reached and check the option Collect Primary Group Members. Please note that when selecting this option, all AD default groups will be collected.
 
User-added image

 

Attachments

    Outcomes