Former Member

Role/Privilege Shows in OK Status but not replicating in AD Backend System

Hi Experts,

In my current assignment, IDM is the parent system, and the AD and SAP systems are child systems. We are managing a few AD groups dynamically based on the user's location.

The issue is that a user is assigned to an AD group dynamically in IDM via a role, which shows OK status in IDM; however, it was not replicated into AD.

The issue is that the Delete button for the role is disabled, as the role is assigned to the user dynamically.

Can you please advise me on what action to take?

issue.png (8.7 kB)

  • Former Member

    It's just one user. Other users are working fine.

    We are on IDM version 7.2, SQLOLEDB.

    I was just thinking: is there a way I can push the assignment again?

  • Hello Ravi,

    Is this issue just for one user or for all?

    And please also share your IDM version and database.

    PS: Your secondary tag ("BW Operational Data Provisioning (ODP)") has nothing to do with IDM or this question, so I would ask you to delete it.


1 Answer

  • Best Answer
    Feb 16, 2018 at 02:10 PM

    You wrote that the business role is assigned dynamically? I assume you mean via a dynamic group?

    The easiest way to re-assign that business role and trigger reassignment of the attached privileges would be to exclude the mskey of the user in the SQL filter query of the dynamic group, recalculate the group (the user will be deleted from the BR), wait a moment, then put the SQL filter back to normal, recalculate the dynamic group again and check if the assignments now went to the backend.


    That's what I normally do. ^^


    • Then you need to check why it is pending. Maybe the account is not created, maybe it's another reason. Channel your inner Sherlock Holmes and try to find the underlying issue. ;)