IdentityIQ 8.4 - Aggregate a single Active Directory group

Which IIQ version are you inquiring about?

IdentityIQ 8.4p2

We have the need to aggregate a single Active Directory group on a very regular basis (every 2-3 minutes, tops). We can’t run a full (or even delta) AD aggregation, due to the number of groups we have. It would take too long and create performance problems. I have the distinguished name of the group, and was hoping there would be a way to set an LDAP filter on the aggregation task to scope it to that single object. But, I haven’t found a way of doing that documented anywhere.

Has anyone come up with a way to quickly aggregate a single object from Active Directory into IIQ?

Is it the group membership that you want aggregated frequently?

Group membership is done via an account aggregation, such that the group memberships are in an account attribute.

There isn’t an easy way to do what you want. You might be able to develop a rule that will do it if you are handy.

Hello @sdnakhla

As per your requirement you can try below post where you can setup custom quicklink to get updates from single group for Active Directory application.

Running group aggregation for single or required groups - Compass