1IM v6.1.4 ( soon to be 7)
I am using a Dynamic Business Role to populate AD Groups used for access security. I need to be bale to remove an AD Group from the Dynamic Bus Role and have the ad Group retain the memberships.
I created a Dynamic Business Role in my test env, created 2 ad groups in the domain. Associated the 2 AD Groups to the Dynamic Business Role, Let them cook and populate. Verified via the domain that they have memberships. I then removed one of the AD Groups. In a reasonable time all of the memberships were deleted. Makes sense. ( All of the entries in adsaccountinadsgrouptotal for the group had niinherite set to 4 (Dynamic).
2nd test, Sams as above but before i removed the AD Group from the Dynamic Business Role I updated adsaccountinadsgrouptotal table entries for the target group, updating the viinherite from a 4 to a 6 (Indirect, dynamic). Removed the AD Group, then later all memberships were automatically removed.
3rd test, same as above but changed the viinherite to a 7 (direct, indirect and dynamic). Same result.
Is there a way to preserve the membership when removing a AD Group from a Dynamic Business Role?
Thanks in advance, Todd Fendt