Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Guide for AD group management using ADSI connector

gurpreetchanna
New Contributor II
New Contributor II

‎07/23/2024 07:06 AM

Hi, 

We are working on configuring AD group management (create /update/ delete) within Saviynt. We have a single forest multi domain AD environment, say Parent Domain - Sub Domain 1 , Sub domain2, Sub Domain3. 

AD group creation is required in all of the sub domains.  

Kindly assist on below queries - 

1. It's recommended to us in other forums that ADSI connector should be used for AD group creation.  

2. We are not able to find guide to configure ADSI Endpoint for group management. Link to configuration guide would be helpful. 

3. While configuring this, can we keep reconciliation connection as Active Directory and Provisioning as ADSI connection. 

4. Since there are multiple OUs in which we need the group creation. ' advanceGroupFilter' would be used. So user can select the correct OU on the group creation page. Does this limit the import of groups from other OUs in which group creation is not required ? 

0 Kudos
8 REPLIES 8

rushikeshvartak
All-Star
All-Star

‎07/23/2024 06:59 PM

Refer https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Managing-Active-Directory-Groups.htm


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

gurpreetchanna
New Contributor II
New Contributor II

‎07/23/2024 08:59 PM

Hi @rushikeshvartak ,

Thanks for the link to the guide. Can you also suggest on below queries. 

 

3. While configuring this, can we keep reconciliation connection as Active Directory and Provisioning as ADSI connection. 

4. Since there are multiple OUs in which we need the group creation. ' advanceGroupFilter' would be used. So user can select the correct OU on the group creation page. Does this limit the import of groups from other OUs in which group creation is not required? 

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to gurpreetchanna

‎07/23/2024 09:04 PM

  • 3. While configuring this, can we keep reconciliation connection as Active Directory and Provisioning as ADSI connection. - You can do but it will be applicable for normal account provisioning also
  • 4. Since there are multiple OUs in which we need the group creation. ' advanceGroupFilter' would be used. So user can select the correct OU on the group creation page. Does this limit the import of groups from other OUs in which group creation is not required?  - Yes it will limit import also. You can customize the gsp

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

GauravJain
Regular Contributor III
Regular Contributor III
In response to rushikeshvartak

‎08/21/2024 09:21 PM

Hi @rushikeshvartak - we are facing similar issue where the "Application Name" field on "Manage ADSI Groups" screen is not getting populated for the selected Group(which we want to modify). Does it also require customization in gsp file? For "Create ADSI Groups" function we have modified "create.gsp" to make sure "Application Name" dropdown gets populated with group containers information.

Please suggest.

Regards

Gaurav

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to GauravJain

‎08/21/2024 09:27 PM

You need to modify gsp


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

GauravJain
Regular Contributor III
Regular Contributor III
In response to rushikeshvartak

‎08/21/2024 09:38 PM

which one? we have following 4 files for ADSI: "create.gsp" is used for "Create ADSI Groups" screen so excluding it

show.gsp / roledetail.gsp / objectAndPermission.gsp

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to GauravJain

‎08/21/2024 09:40 PM

  • Create.gsp and show.gsp
  • create for new adsi group
  • show for existing adsi group

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

GauravJain
Regular Contributor III
Regular Contributor III
In response to rushikeshvartak

‎08/21/2024 11:54 PM

can you please share an example of what and where the modification is required to populate "Application Name" for selected group for modification? any document link for reference?

0 Kudos
Copyright © 2024 Khoros, LLC