AD MemberOf Attribute Name is same as DN name

nmuthusamy · December 20, 2023, 3:39am

Hi,

We noticed that during entitlement aggregation for AD, AD groups those dont have name or displayname assigned takes the DN value as its name. Is it the expected behavior from sailpoint?

Eg :
Usual case where display name is assigned in AD

In IDN:

Name : ADGrp1 , Display Name : ADGrp1 and Value : CN=ADGrp1,ou=group,dc=abcd,dc=com

Case where display name is empty in AD

In IDN:

Name : CN=ADGrp1,ou=group,dc=abcd,dc=com,
Display Name : CN=ADGrp1,ou=group,dc=abcd,dc=com
Value : CN=ADGrp1,ou=group,dc=abcd,dc=com

Thanks

Sachin_Rajathadri · January 8, 2024, 10:42pm

Hi, it looks like it’s only bringing in the group DN your AD account holds. That is usually the case when that group is outside the defined “group search scope”. Check your source configuration page and verify the group search scope. Then, try running the entitlement aggregation again. Hope this helps!

system · March 8, 2024, 10:42pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD display name in entitlements, DN vs CN/sAMAccountName? ISC Discussion and Questions aggregation , identity-security-cloud	4	94	April 17, 2024
Azure AD Entitlement Type Group ISC Discussion and Questions identity-security-cloud , entitlements	3	267	December 25, 2023
AD Entitlement Owner Update ISC Discussion and Questions aggregation , identity-security-cloud	4	139	April 23, 2024
Access Profile Active Directory Entitlements Dropping off ISC Discussion and Questions identity-security-cloud	2	232	March 3, 2024
Identity Attribute "AccountName" ISC Discussion and Questions identity-security-cloud , identity-profiles	13	603	April 21, 2024

AD MemberOf Attribute Name is same as DN name

Related Topics