AD group member not correctly provisioned

    Question

  • Hi,

    I have a database with users and groups, and a domain (one forest, one domain, with level 2008 R2) with users and groups.

    Users and groups are projected from the database to the metaverse.

    Groups are provisioned to AD by FIM, whereas users are joined. I'm not using the portal, only the sync service.

    In the metaverse, a group has 3000 members but in Active Directory only 158.

    If I take one user that should be in the AD group but is not:

    • I can see that the user has a connector to AD.
    • I can see that the user is a member of the group (by looking at its GUID).

    I have done several Full Import/Full Synchronization runs from AD or the database, or just used the preview/commit feature. I even deleted the whole connector space, but nothing changed.

    I'm using FIM 2010 build 4.0.3594.2.

    Do you have any ideas?

    Saturday, July 27, 2013 16:27

All replies

  • A few things to check:

    • What is your attribute precedence set to for "member"?
    • Do the users definitely exist in the same connector space as the groups?
    • What does the full sync preview tell you about the member export flow to AD?
    Monday, July 29, 2013 03:16