Which IIQ version are you inquiring about?
8.4
Hi @pnjadhav9,
share more info, otherwise we cant help you.
1 Like
@ Emanuele Nistri Basically we are aggregating one of the Ad domain and it is failing for two groups rest of the aggregation is successful. Only two groups are failing and are not being created properly in SailPoint. It does not have any attributes data available in SailPoint other than application reference. based on the error we cannot determine anything and when checked with AD team they also did not find anything unusual with these groups. From the logs we can see there is Internal error : 500 message :- âunsupported endpoint:GetGroupObjectâ. Let us know what other information would be required.
you can activate the AD connector logs to have more info.
Do these groups have a reference to the group\object of other domains that are not configured in the connector?
Hi @pnjadhav9 Are you able to access the problem groups using an LDAP tool, such as LDP, using the same credentials? Could be a permission fail on those objects.
From the logs we can only see above mentioned error details
Internal error : 500 message :- âunsupported endpoint:GetGroupObjectâ
also this group is not member of any other group there are no members available for this group as well. We are getting similar error in production for different groups hence investigating these test groups. We are not able to understand what exactly is Internal server error.
@ Jeremy Place We have checked the service account permissions on the entire OU path. As per AD team service account has full access on the entire OU
You can have full access to the OU without access to the actual object attributes (member particularly). I would still check with LDP or similar.
Ok, let me check on that part