Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035785 - How to Synchronize Nested AD Group Users from an RSA SecurID Access Identity Source

Document created by RSA Customer Support

on Nov 29, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035785
Applies To	RSA Product Type: SecurID Access
Issue	When attempting to synchronize nested Active Directory Identity Source group members by specifying a User Search Filter that defines the parent group the nested users are not synchronized. For example, say the search filter is: (&(objectCategory=Person)(sAMAccountName=)(objectClass=user)(mail=)(memberOf=CN=ParentGroup,CN=Users,DC=example,DC=com)) and ParentGroup contains a nested group. The users in the nested group will not be synchronized.
Resolution	Microsoft-specific filter syntax can be used to synchronize the members of ParentGroup and any nested group members. Precede the =CN=ParentGroup with the Microsoft LDAP-specific syntax :1.2.840.113556.1.4.1941: as shown in below user search filter example: (&(objectCategory=Person)(sAMAccountName=)(objectClass=user)(mail=)(memberOf:1.2.840.113556.1.4.1941:=CN=ParentGroup,CN=Users,DC=example,DC=com))
Notes	Reference Active Directory: LDAP Syntax Filters.

Attachments

Outcomes

0 Comments

Recommended Content