Skip to Content
avatar image
Former Member

GRC 10.1 - Active Directory Groups Provisioning Issue

Hi experts!

Im working in GRC10.1 AC SP07, and im trying to configure provisioning for AD Groups. I have created group in BRM, and im able to do the request; however, when this request is approved provisioning fails.

In SLG1 i get following message and audit log for request says: "Auto provisoning failed; Applied Escape route"

MSADCLNT000 is LDAP connector and "APP_NEX_Operacion" is the AD group.

Any idea about which could be the problem?

I think problem could be USER PATH and GROUP PATH; i don´t know exactly how to configure this point because users belong to a certain OU in AD, and groups belong to another OU.

Note im using LDAP connector like Data Source until now, and it works fine.

Thanks a lot!


Sin título.jpg (64.3 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Aug 19, 2015 at 12:54 PM


    No solution to that problem ? I have the same issue.

    My search patch is : CN=XXXX-ALL-SysGroup,OU=ouDistribution,OU=ouGroups,DC=XXXXt,DC=XXXX"

    Thanks is someone can help,


    Add comment
    10|10000 characters needed characters exceeded

    • Hello,

      Please make sure in your LDAP attribute mapping you map all the required objectClasses that exist in target LDAP server to group parameter User:OCThis is sample LDAP group parameter mapping for action type 4:

      User:OC top

      User:OC person

      User:OC user

      User:OC organizationalPerson

      User:OC inetOrgPerson

      Also the default password for LDAP user is hardcoded to Password1!, but if in case customer wants to change it,

      please add an attribute Password and provide the value that matches with the password policy of your LDAP server.

      Ex. in group field mapping:

      PASSWORD Password123!

      Ex. of group field mappings:

      PASSWORD Password1!



      LASTNAME givenName

      EMAIL mail


      Please make sure you map CN to userID field. As that is used to construct DN for the provisioned user.