Hi All,
We have Active Directory connection which has multiple Child endpoints (ept1,ept2,ept3.........ept10).
Now for one of the child endpoint (ept4) we are using AD Group Creation and AD Groups has to create in Specific OU in target and provisioning of the group in specific OU is working fine. We are using advanceGroupFilter in groupImportMapping for AD connection to push the group in specific OU in AD.
"advanceGroupFilter": {
"memberOf": {
"OU=Contractor/Vendor,OU=VPN,OU=UserGroupsApps,OU=SystemUsers,DC=,DC=,DC=": [
"(&(objectClass=group)(displayName=Groups))"
],
"DC=,DC=,DC=": [
"(&(objectClass=group))"
]
}
}
Now, I got an issue while importing access for AD (Parent endpoint).
- I did create an AD group (Ex: abc1) through ARS for AD child endpoint (Ex: Ept4) and it got provisioned and created the same group in target AD.
- Now I have ran the Access Import for Active Directory which is the parent endpoint for "ept4" endpoint, and it has imported the "abc1" entitlement in AD endpoint and it has inactivated the same "abc1" entitlement in "ept4" endpoint. (FYI, job got failed with an error saying "Duplicate entry 'CN=abc1,OU=Contractor/Vendor,OU=VPN,OU=UserGroupsApps,OU' for key 'ENTITLEMENTID'"
FYI,
Reconciliation Field - ObjectGUID
In Saviynt ObjectGUID is populating in CP18 when group is crearted but I haven't added anywhere that Guid has to populate in such Customproperty.
##Attached groupImportMapping and CreateUpdateMapping Json's for reference
Please let me know when Access import runs how we can I make "abc1" entitlement as active in "ept4" child endpoint as well, do I need to make changes anywhere else?
Regards
SrisailamShyamSundarGoud
