We have IGL 7.0.2 installed with an Unauthorized (Rogue) Change Detection rule running after every account or entitlement collection. We recently made a change to one of our AD Account and Group collectors to exclude a certain OU. After implementing this change over 1,100 new UCD were detected by IGL, which of course is not normal. Upon analysis we found that the unauthorized changes had previously been detected by IGL. It appears that the update to the AD Account and Group collector caused IGL to "forget" that it had already detected these unauthorized changes previously.
Has anyone had this happen and if so, is there a solution to prevent this from happening again? We soon will be implementing another change to the same collector and do not want a repeat of the re-detection.
Also, we now have 1,100 UCDs that need to be "cleaned up". Any suggestions on how to do this without manually canceling them?unauthorized change
Can you share a screenshot of rule's configuration?
Can you describe which changes were made in the collectors?
You mentioned you have 1100 UCDs. You mean there are 1100 change requests? In what status the change requests (approval, fulfillment or completed)?