|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.0.1, 7.0.2
|Issue||An attempt is made to collect around 17K groups starting at the root domain. For example:|
The search criteria is
The Test button for Group Data in the collector edit screen may indicate that the first 1000 is found.
The Test button may on occasion show a timeout which is not recorded in the aveksaServer.log
Upon collection, only a handful of AD administrative groups show up in the raw data for the collection.
|Cause||Due to the search starting at the top of the domain, we query the root referrals of DNSZones, Configuration, and Schema.|
Because of the referral, you will end up in other parts of the tree for which the account you are using has no access rights, hence you collect less or even nothing.
In the collector definition, please make sure that you check the Ignore Referrals box.
This will allow the Collector to find and pull in all groups in the domain.
We also suggest that you use a more targeted entry point in the tree, so that ACM collections do not search unnecessarily large areas.