• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 93 subscribers
  • Views 13707 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD group managed by a group not an account

Jonathan M
over 11 years ago

Hi,

I am working with a customer to put their AD groups into IT Shop & have come across an issue that I had not considered before.   In AD users and groups I can see that some groups are managed by other AD groups rather than an AD user account.

This is perfectly legal in AD.   However, our mapping connects the managedBy AD property to uid_ADSAccountManager (via a search of the FK table ADSAccount for the DN) so, when the managedBy is a group, our Manager parameter in the ADSGroup object is NULL

The knock on effect is that the product owner is not set in IT Shop.

This must have been encountered before.   Has anyone got any suggestions as to the best way to handle this ?

Thanks

Jon.

Parents
  • 0 over 11 years ago

    Thanks Carsten, but perhaps I wasn't clear enough.   The managedBy property is not always an AD group.   It could be an AD group OR, as is normal, an AD account.

    So when the managedBy is an AD group we currently get NULL as the uid_ADSAccountManager.

    The dilemma is that we don't know what the value will be (group or account) until the data is synced in.

    Jon.

Reply
  • 0 over 11 years ago

    Thanks Carsten, but perhaps I wasn't clear enough.   The managedBy property is not always an AD group.   It could be an AD group OR, as is normal, an AD account.

    So when the managedBy is an AD group we currently get NULL as the uid_ADSAccountManager.

    The dilemma is that we don't know what the value will be (group or account) until the data is synced in.

    Jon.

Children
No Data