Windows user being added/remove to group by Identity Manager shows in Windows EVent Viewer Security more events than expected for the action.
search cancel

Windows user being added/remove to group by Identity Manager shows in Windows EVent Viewer Security more events than expected for the action.

book

Article ID: 279985

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

When modifying the group of an account through the Identity Manager (Web interface or Provisioning Manager) this successfully modifies it however on the MS AD Windows Server looking at EventViewer Security, it is showing events of removing all users from the same group and adding them again, being that the expected message would only be that of the affected user.
This impacts event Audit management in third-party tools like QRADAR as it shows additional events that create confusion.

Environment

Identity Suite 14.4.2 CHF1

Cause

Not deployed CP1/CHF1 correctly. Some missing steps causing JCS shows yet old version.

Resolution

The JCS admin console is showing an old version 1.1.0.20220419 of csproxy bundle. The correct version of csproxy bundle for 14.4.2 CHF001 is 1.1.0.20231016.

 

Advised to perform the following steps that resolves the issue.

  1. Stop External Windows JCS Server.
  2.  Back up the "cache" folder available at "<%CONNECTOR SERVER INSTALLED 
    LOCATION%>\data" and then delete it.
  3. Start JCS server
  4. Check the csproxy bundle version in JCS admin console, it should read 1.1.0.20231016
  5. Test the issue and confirme that is resolved.
Powered by Wolken Software