AD MemberOf Attribute Name is same as DN name

nmuthusamy · December 20, 2023, 3:39am

Hi,

We noticed that during entitlement aggregation for AD, AD groups those dont have name or displayname assigned takes the DN value as its name. Is it the expected behavior from sailpoint?

Eg :
Usual case where display name is assigned in AD

In IDN:

Name : ADGrp1 , Display Name : ADGrp1 and Value : CN=ADGrp1,ou=group,dc=abcd,dc=com

Case where display name is empty in AD

In IDN:

Name : CN=ADGrp1,ou=group,dc=abcd,dc=com,
Display Name : CN=ADGrp1,ou=group,dc=abcd,dc=com
Value : CN=ADGrp1,ou=group,dc=abcd,dc=com

Thanks

Sachin_Rajathadri · January 8, 2024, 10:42pm

Hi, it looks like it’s only bringing in the group DN your AD account holds. That is usually the case when that group is outside the defined “group search scope”. Check your source configuration page and verify the group search scope. Then, try running the entitlement aggregation again. Hope this helps!

system · March 8, 2024, 10:42pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD display name in entitlements, DN vs CN/sAMAccountName? ISC Discussion and Questions aggregation , identity-security-cloud	5	238	June 16, 2024
Azure AD group rename ISC Discussion and Questions	3	1801	July 19, 2023
Azure AD Entitlement Type Group ISC Discussion and Questions identity-security-cloud , entitlements	3	365	December 25, 2023
New AD Account Created during AD Aggregation ISC Discussion and Questions aggregation , identity-security-cloud	7	85	December 8, 2024
Azure AD entitlements - Uses GUID instead of name ISC Discussion and Questions identity-security-cloud , entitlements	5	209	July 15, 2024

AD MemberOf Attribute Name is same as DN name

Related topics