Users that are members of an Active Directory group are not synced into ServiceDesk
search cancel

Users that are members of an Active Directory group are not synced into ServiceDesk


Article ID: 152033


Updated On:




When ServiceDesk performs an Active Directory sync, some users are not brought in. These users are members of an Active Directory group that is part of an organizational unit that was specified to be synced.


ServiceDesk syncs users based on their location in an Active Directory organizational unit, not based on their Active Directory group membership.

A common misconception on how this works is that users that are not in the specified organizational unit  but which are members of an Active Directory group will be synced. This is incorrect as these users are not in the specified organizational unit or domain.


This is working as designed. Active Directory (AD) syncs must be planned and configured in such a way that all users to be synced are in the specified organizational units (OU) for the sync.

The following provides an example of how ServiceDesk syncs an OU that contains users and a group.

  • The OU "California" has one user, John Doe, and one security group, "Human Resources".
  • The OU "New York" has one user, Jim Smith.
  • The security group "Human Resources", in the OU "California", includes both users as members.


During the ServiceDesk sync, if the OU California is selected to be synced but the OU New York is not, the following will occur:

  • The user John Doe is synced into ServiceDesk. 
  • The security group name Human Resources is synced into ServiceDesk as a new group.
  • John Doe becomes a member of the Human Resources group in ServiceDesk.
  • Jim Smith is not synced because they are not part of the OU California.

Related Resources

Can ServiceDesk restrict what users are synced from an Active Directory organizational unit?

Does ServiceDesk support Active Directory child domains in parent domains?

How to automatically import Active Directory users into specific ServiceDesk group roles

How to add permissions to a custom group

Trying to configure an Active Directory Server in ServiceDesk results in the error "The server is not operational" or the Active Directory sync no longer works