The Active Directory Account Collector does not collect the AD Domain Users Group in RSA Identity Governance & Lifecycle

a year ago

Originally Published: 2015-11-12

Article Number

000045521

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.8.1

Issue

The Active Directory Account Collector does not collect the Active Directory Domain Users group. Because this group is not collected, it is not available in RSA Identity Governance & Lifecycle to be selected as an entitlement.

Cause

Microsoft AD (Active Directory) includes several built-in or default groups which are different than user-defined groups. The Users known as the Domain Users group is a default group that all user objects are a member of.

By default RSA Identity Governance & Lifecycle does not collect the AD default groups such as the Domain Users group.

Resolution

The ability to collect the default AD groups including the Domain Users group is a new feature added to RSA Identity Governance & Lifecycle in the following versions and patch levels:

RSA Identity Governance & Lifecycle 6.8.1 P12
RSA Identity Governance & Lifecycle 6.9.1
RSA Identity Governance & Lifecycle 7.x

Once upgraded, to access the feature go to Collectors > Account Collectors > {AD Account Collector} > Edit > scroll through the pages with the Next button until the Group Data screen is reached and check the option Collect Primary Group Members. Please note that when selecting this option, all AD default groups will be collected.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles