The "Match disabled Active Directory users" option in Encryption Management Server matches users from all Active Directory security groups


Article ID: 184240


Products

Encryption Management Server

Gateway Email Encryption

Issue/Introduction

Encryption Management Server can assign users to groups using Directory Synchronization. One of the most frequently used options is to match users against membership of a specific Active Directory Security group using the memberOf attribute:

Match consumers via Directory Synchronization

However, unexpected results occur if the "Match disabled Active Directory users" and the "If any of the following apply" options are combined.

If these two options are combined, the match is not limited to the users in the specific Active Directory security group: all disabled Active Directory users are matched as well, no matter what Active Directory security group they are in.

Resolution

Do not combine these options:

  1. If any of the following apply
  2. Match disabled Active Directory users

Disabled Active Directory users will be matched even when the "Match disabled Active Directory users" option is not selected.
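The behaviour described above, modelled as an added example (not Encryption Management Server code and not part of the original article). It shows which accounts are matched only because the two options were combined. The group DN, account names and `userAccountControl` values are constructed, and representing "disabled" by the Active Directory `ACCOUNTDISABLE` flag is an assumption of this model.

```python
# Added illustration: models the matching behaviour described in this article.
# It is not Encryption Management Server code; all entries are constructed.
ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on disabled AD accounts

GROUP_DN = "CN=Encrypt-Users,OU=Groups,DC=example,DC=com"  # hypothetical group
OTHER_DN = "CN=Finance,OU=Groups,DC=example,DC=com"        # hypothetical group

# Constructed sample entries: (sAMAccountName, memberOf values, userAccountControl)
USERS = [
    ("alice", [GROUP_DN], 512),    # enabled, in the intended group
    ("bob",   [GROUP_DN], 514),    # disabled, in the intended group
    ("carol", [OTHER_DN], 512),    # enabled, different group
    ("dave",  [OTHER_DN], 514),    # disabled, different group
    ("erin",  [],         66050),  # disabled, no group membership
]

def in_group(member_of, group_dn=GROUP_DN):
    """memberOf condition; DN comparison is case-insensitive."""
    return any(dn.lower() == group_dn.lower() for dn in member_of)

def is_disabled(uac):
    return bool(uac & ACCOUNTDISABLE)

def matched(users, match_disabled):
    """'If any of the following apply' is a logical OR over the conditions."""
    result = []
    for name, member_of, uac in users:
        conditions = [in_group(member_of)]
        if match_disabled:
            conditions.append(is_disabled(uac))
        if any(conditions):
            result.append(name)
    return result

def unintended(users):
    """Accounts matched only because the two options were combined."""
    return sorted(set(matched(users, True)) - set(matched(users, False)))

if __name__ == "__main__":
    print("memberOf condition only:      ", matched(USERS, False))
    print("combined with Match disabled: ", matched(USERS, True))
    print("unintended matches:           ", unintended(USERS))
```

In this model the disabled group member `bob` is matched in both cases, while `dave` and `erin` appear only when the options are combined.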
