GuidoPinamonti Posted August 2, 2018 Share Posted August 2, 2018 When I go to add permissions to a discovery job and I try to search for an AD user, not all of my AD users are showing up. The Administration | Active Directory Domains appears to be set up correctly along with the privileged account credential. Is there some reason I wouldn't be able to see all of my AD users in order to change permissions on a discovery job? Thanks in advance. Guido Link to comment Share on other sites More sharing options...
support Posted August 2, 2018 Share Posted August 2, 2018 Hi Guido, When applying permissions throughout Passwordstate, we do not query AD live for users and security groups - they must be already imported into Passwordstate. If you go to the screen Administration -> User Accounts, do you see these users? Regards Click Studios Link to comment Share on other sites More sharing options...
GuidoPinamonti Posted August 2, 2018 Author Share Posted August 2, 2018 Yes, we have some users under User Accounts. I made an assumption that since we set the AD group sync to once per day that it must have been pulling user accounts as well because if I manually added an email address to a user account in passwordstate, it would wipe it out the next day. Link to comment Share on other sites More sharing options...
support Posted August 2, 2018 Share Posted August 2, 2018 Hi Guido, If the user's email address is being cleared, then that would be because on their AD Account and email address is not associated with it. So are you saying the AD Sync process is not adding in new accounts? The Sync process monitors any Security Groups you've added to the screen Administration -> Security Groups, and as long as the appropriate System Setting option is set to add new user accounts in, then this should occur. Let us know if this is the issue? Regards Click Studios Link to comment Share on other sites More sharing options...
GuidoPinamonti Posted August 2, 2018 Author Share Posted August 2, 2018 Yes, that's true re email address. The sync process is only ensuring that security group membership is correct and user account status is updated, correct? If the group membership of a security group didn't change, why would it wipe out the email address unless it re-imported the user from AD? Link to comment Share on other sites More sharing options...
support Posted August 2, 2018 Share Posted August 2, 2018 Hi Guido, The only reason it should wipe out an email address on a users account, is because the AD account does not have an email address associated with it. In addition to synchronizing security groups, we also sync certain attributes for all accounts i.e. First Name Surname Email Address Enable/disabled status Office Department This process happens regardless of whether the user's account is in a Security Group or not. Regards Click Studios Link to comment Share on other sites More sharing options...
GuidoPinamonti Posted August 3, 2018 Author Share Posted August 3, 2018 Makes sense. Thx! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.