
Active directory not returning the desired group information for user account when queried via LDAP


Article ID: 171964


Updated On:


ProxySG Software - SGOS


Active Directory (AD) does not return the group membership information of one or more users when ProxySG performs an LDAP (Lightweight Directory Access Protocol) search using a fully-qualified distinguished name. As a result, policies configured with LDAP users or groups as the source are not applied to the transaction.


This can happen when the user account's primary group is not set to "Domain Users", especially when the user in question is a member of multiple groups. To address this issue, change the user's primary group to "Domain Users" using the steps below.

1) On the AD server, open the Active Directory Users and Computers snap-in

2) In the left pane, right-click the domain and select "Find" to search for the user

3) Highlight the user and go to "Properties"

4) Navigate to the "Member Of" tab, select "Domain Users" and click "Set Primary Group"

5) Apply the changes

5) Apply the changes
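
The same check and change can be scripted for many accounts at once. The PowerShell below is an added example, not part of the original article or vendor code; it relies on the fact that AD stores a user's primary group in the `primaryGroupID` attribute rather than in `memberOf`, and it assumes the ActiveDirectory (RSAT) module plus a placeholder search base that you must replace.

```powershell
# Added example (not vendor code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder scope (assumption): replace with the OU that holds your proxy users.
$SearchBase = 'OU=Staff,DC=example,DC=com'

# Resolve "Domain Users" and read its primaryGroupToken, the value that a
# user's primaryGroupID must hold for this group to be the primary group.
$domainUsers = Get-ADGroup -Identity 'Domain Users' -Properties primaryGroupToken
$token       = $domainUsers.primaryGroupToken

# Find every user in scope whose primary group is something else.
$affected = Get-ADUser -SearchBase $SearchBase -Filter * `
                -Properties primaryGroupID, PrimaryGroup, MemberOf |
            Where-Object { $_.primaryGroupID -ne $token }

# Report first, so the list can be reviewed before anything is changed.
$affected |
    Select-Object SamAccountName, primaryGroupID, PrimaryGroup |
    Format-Table -AutoSize

foreach ($user in $affected) {
    # A primary group can only be set to a group the user already belongs to.
    if ($user.MemberOf -notcontains $domainUsers.DistinguishedName) {
        Add-ADGroupMember -Identity $domainUsers -Members $user -WhatIf
    }

    # Scripted equivalent of "Set Primary Group" on the "Member Of" tab.
    Set-ADUser -Identity $user -Replace @{ primaryGroupID = $token } -WhatIf
}
```

As written, `-WhatIf` makes both write operations dry runs; remove it only after reviewing the report.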