When attempting to add domain users or groups to Portal Groups in the Information Centric Analytics (ICA) portal (Admin > Privileges), either of the following errors is returned:

<domain\user> is not a valid Active Directory User

<domain\group> is not a valid Active Directory Security Group

Release : 6.5.4

Component : Portal Privileges

When adding domain users and domain groups to ICA Portal Groups, the account under which the RiskFabricAppPool identity runs in Internet Information Services (IIS) performs a Lightweight Directory Access Protocol (LDAP) lookup against the domain's Active Directory (AD) controller to verify the account or group specified. If that lookup fails for any reason, the operation fails.

An LDAP lookup can fail for a number of reasons. To ensure the configuration of ICA is not a contributing factor, confirm the account under which the RiskFabricAppPool identity is run in IIS is a domain user in addition to being a member of the local admins group on the IIS server hosting ICA, per the Required Steady State Privileges section of the Symantec ICA Administrator Guide.