The Active Directory Account Collector does not collect the AD Domain Users Group in RSA Identity Governance & Lifecycle
2 years ago
Originally Published: 2015-11-12
Article Number
000045521
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 6.8.1
 
Issue
The Active Directory Account Collector does not collect the Active Directory Domain Users group. Because this group is not collected, it is not available in RSA Identity Governance & Lifecycle to be selected as an entitlement.
 
Cause
Microsoft AD (Active Directory) includes several built-in or default groups which are different than user-defined groups. The Users known as the Domain Users group is a default group that all user objects are a member of.  

By default RSA Identity Governance & Lifecycle does not collect the AD default groups such as the Domain Users group.
 
Resolution
The ability to collect the default AD groups including the Domain Users group is a new feature added to RSA Identity Governance & Lifecycle in the following versions and patch levels:
  • RSA Identity Governance & Lifecycle 6.8.1 P12
  • RSA Identity Governance & Lifecycle 6.9.1
  • RSA Identity Governance & Lifecycle 7.x
Once upgraded, to access the feature go to Collectors > Account Collectors > {AD Account Collector} > Edit > scroll through the pages with the Next button until the Group Data screen is reached and check the option Collect Primary Group Members. Please note that when selecting this option, all AD default groups will be collected.
 
User-added image
 

Related Articles

Trending Articles

Don't see what you're looking for?