search cancel

Revoking Provisioning Roles does not remove Groups in AD

book

Article ID: 134246

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

A scenario has been identified in which revoking Provisioning Roles (PR) does not remove the associated Groups from Active Directory (AD)

For example:


1) There is a Provisioning Role called "VPN" that is connected to the Account Template that contains membership to a AD group

2) A user account on the AD endpoint already exists

3) Assigning "VPN" Provisioning Role assigns the group to the user

4) Revoking "VPN" Provisioning Role does not remove group from the user.


The account template is using weak synchronization.

Cause

This is a code issue

Environment

Release : 14.1

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

An issue has been identified in the synchronization code.  The issue is resolved in 14.1 CP9