on 04-19-2016 3:03 PM
I've recently come across a situation where a fellow IDM tech pulled the record of a given user via SQL query. The results show that this user has a number of AD group memberships. However, when you list that same user's privileges via the UI, these AD groups don't show up. What would cause the UI to not reflect the actual record that's clearly present in the ID store?
Sorry to keep this thread hanging everyone. Once I get access to all the necessary systems, I'll check everyone's suggestions then mark helpfuls / correct answer as needed!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Brandon,
I think that makes sense, if you dont have it assigned directly and also not inheriting it, you dont have it assigned. What is the link state though? Is it orphan? Might that be an inconsistency? Orphan assignments are inherited assignments that should have been removed but the removal failed.
Regards
Norman
Hi Brandon,
Check the access controls on the object in the MMC console, might be admin or member only. Something like that.
Good luck!
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.