Though Account is in inactive state, account recreated in AD. we are completely unsure why this happened. can anybody knows in which scenario it happens?
identity LCS is inactive, but it created account prompting a role
Can you check role, there might be birthright role that is automatically assigning the role which might result for AD account creation.
-Mehul
LCS is inactive, BR can create LCS active one. So it is unusual here
Hi @shaffusailpoint,
Possible scenario would be when you have two different sources entries pointing to same AD then if you run aggregation, it will create new account entry for the second source.
Does your tenant have two source entries for same AD
-Vasanth
Hi,
To clarify, you are provisioning AD accounts by adding an entitlement/role on the provisioning tab of an identity profile, only when the LCS is ‘active’. However, an account has been provisioned when the LCS was ‘inactive’.
Is that a correct summation?
1 Like
This sounds like it could be a sticky entitlement.
If the AD account was moved to a different OU directly on AD, and the account still had some entitlements assigned which were assigned to the account through ISC, then SailPoint will re-provision the account to the old DN.
Some recommendations are available here:
1 Like
yes, that is correct
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.