Active Directory not returning the desired group information for a user account when queried via LDAP

Article ID: 171964

Products

ProxySG Software - SGOS

Issue/Introduction

Active Directory (AD) does not return the group membership information of one or more users when ProxySG performs an LDAP (Lightweight Directory Access Protocol) search using a fully-qualified distinguished name. As a result, policies configured with LDAP users/groups as the source are not applied to the transaction.

Resolution

This can happen when the user account's primary group is not set to "Domain Users", especially when the user in question is a member of multiple groups. To address this issue, change the user's primary group to "Domain Users" by following the steps below.

1) On the AD server, open the Active Directory Users and Computers snap-in

2) In the left pane, right-click the domain and select "Find" to search for the user

3) Highlight the user and go to "Properties"

4) Navigate to the "Member Of" tab, select "Domain Users" and click "Set Primary Group"

5) Apply the changes

5) Apply the changes
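
To find every affected account before editing them one by one, the same check and change can be scripted. This is an added example, not part of the original article or of any Broadcom tooling: Active Directory stores the primary group as a RID in `primaryGroupID` (513 for "Domain Users") and does not list that group in `memberOf`, which the report column `PrimaryInMemberOf` makes visible. It assumes the RSAT ActiveDirectory PowerShell module; the function names `Get-NonDefaultPrimaryGroupUser` and `Set-PrimaryGroupToDomainUsers` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example (hypothetical function names): audit primary groups, then fix one user.

$DomainUsersRid = 513   # well-known RID of the "Domain Users" group

function Get-NonDefaultPrimaryGroupUser {
    # Read-only report of users whose primary group is not "Domain Users".
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $domainSid = (Get-ADDomain).DomainSID.Value
    Get-ADUser -SearchBase $SearchBase `
               -LDAPFilter "(!(primaryGroupID=$DomainUsersRid))" `
               -Properties primaryGroupID, memberOf |
        ForEach-Object {
            # Domain SID + RID gives the SID of the user's primary group.
            $primary = Get-ADGroup -Identity "$domainSid-$($_.primaryGroupID)"
            [pscustomobject]@{
                User              = $_.SamAccountName
                PrimaryGroup      = $primary.Name
                # Expected to be False: memberOf omits the primary group.
                PrimaryInMemberOf = $_.memberOf -contains $primary.DistinguishedName
                MemberOfCount     = @($_.memberOf).Count
            }
        }
}

function Set-PrimaryGroupToDomainUsers {
    # Scripted equivalent of steps 1-5 for a single account.
    param([Parameter(Mandatory)][string]$SamAccountName)

    $domainSid   = (Get-ADDomain).DomainSID.Value
    $domainUsers = Get-ADGroup -Identity "$domainSid-$DomainUsersRid"
    $user        = Get-ADUser -Identity $SamAccountName -Properties memberOf, primaryGroupID

    if ($user.primaryGroupID -eq $DomainUsersRid) { return }   # nothing to change

    # A group must already contain the user before it can become the primary group.
    if ($user.memberOf -notcontains $domainUsers.DistinguishedName) {
        Add-ADGroupMember -Identity $domainUsers -Members $user
    }
    Set-ADUser -Identity $user -Replace @{ primaryGroupID = $DomainUsersRid }
}

# Report first; review the list before changing anything.
Get-NonDefaultPrimaryGroupUser | Format-Table -AutoSize
```

Review the report before changing accounts: built-in accounts such as Guest intentionally use a different primary group and will appear in the list.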