This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to re-trigger provisioning of AD groups including all members

Hi,

 

we have some inconsistency issues regarding AD group memberships, where we would like to simply re-provision individial ADSGroups in 7.1.1.

However, we couldn't find a way to achieve this. For oustanding groups (missing in target system) there is the possibility to fire the event HANDLEOUTSTANDING, which looks like it will launch the process to re-create the ADSGroup.

Regular provisioning of group memberships is supposed to happen only member-wise (merging enabled), which is probably why we encounter inconsistencies in the first place. We would like to be able to simply re-provision an existing AD group statically including all of its members to solve these.

It feels like there should be an easy way to do this, I just can't seem to find it.

  • I am not sure what version you are working with but these can be published one by one if needed. We usually handle outstanding objects using the data synchronization menu

     

    In here you will see which objects are outstanding, if you look at my example we see that I have one group that indeed does not exist in AD. I can then publish that group and it will create it in the target

     

  • It didn't bring back my memberships but if we look in the data synchronization menu again we can see active directory users accounts in active directory groups. These memberships are also outstanding due to the group was no longer present.

     

    If you select the users you can publish the memberships by clicking publish button

     

  • Now once those jobs finish in the job queue I can check AD users and computers and see that my members are now posted

  • Thanks for pointing out the Data Synchronization section. I was looking for such a feature in the Sync Editor and the Active Directory section.

    I could now see that the handling of outstanding memberships takes place via a stored procedure using a limited statement. Maybe we'll just stick to manually resolving them in Manager...