Pruning cyclical group hierarchy: Active Directory [source] Warning

Hi,

When we try to aggregate groups from the Active Directory source, we get the following warning:


What is the reason for this warning? Is there a way to avoid this Warning message?

On the other hand, when the aggregation task is finished, we note that 355 groups were deleted. Is there a relation between the warning message and the groups deleted?


Thanks in advance

Looks like you are aggregating in duplicate security groups from Active Directory. You can try to bump up the delete threshold and/or determine the group that is being read in multiple times.

1 Like

Hey @ismaelmoreno1,

Thank you for posting your question. It looks like you might be having some cyclical dependencies (i.e., like a group within a group). Try to add this entry <entry key="noGroupCycleDetection" value="True"/> and then run aggregation. Let’s see if adding that will help to make the warning message disappear.

Also, here is an article that you may find useful: https://community.sailpoint.com/t5/IdentityIQ-Forum/Active-Directory-warning-Pruning-cyclical-group-hierarchy/m-p/177042#M141928

1 Like
PATCH - {{api-url}}/beta/sources/{{sourceId}}

[
    {
        "op": "add",
        "path": "/connectorAttributes/noGroupCycleDetection",
        "value": true
    }
]

Make sure Content-Type is application/json-patch+json

3 Likes

Thanks for helping out here, @tom_bui; I hope things are going well over at Splunk!

@ismaelmoreno1, please let us know if the above helps to solve your issue :slight_smile:

3 Likes

I have marked this thread as solved. @ismaelmoreno1 please let us know if we can be of any further assistance to you; we hope to see you around the Developer Community more in the future!

Hi @jordan.violet
Sorry for the delay in replying and trying the tests. Finally, the solution works.
Thanks for everything

Hey @ismaelmoreno1,

Thanks for circling back and letting us know; I am delighted to hear that the solution worked well for you. We hope to see more of you around the developer community in the future!

*** Please be aware ***

Although this Topic is under the IdentityNow (IDN) category, this Connector Attribute is not valued by IdentityNow and is only valued by IIQ (as per the Active Directory Connector - FAQ and Troubleshooting, “IdentityIQ Troubleshooting” section).

In point of fact, SailPoint do not even recommend using this Connector attribute as this does not solve the underlying issue that is causing this warning to be posted, it only prevents the warning messages from being posted.

Cyclic group hierarchy will have an effect on IDN, IIQ and Active Directory performance, and this message should be considered as a Canary warning in order to address the links between the groups in the Active Directory Domain.

1 Like
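
For the cyclic nesting discussed in this thread, here is an added example (not from any poster or from SailPoint) of one way to report which groups are nested inside one another. It assumes you already have a mapping of each group to the groups that are its direct members; the group names, `SAMPLE_NESTING` and `find_cyclic_groups` are constructed for illustration.

```python
# Constructed sample: group name -> groups that are direct members of it.
# Assumption: in practice this mapping comes from an export of each group's
# membership, filtered to members that are themselves groups.
SAMPLE_NESTING = {
    "GG-Finance": ["GG-Finance-EU", "GG-Auditors"],
    "GG-Finance-EU": ["GG-Finance-Approvers"],
    "GG-Finance-Approvers": ["GG-Finance"],      # closes a 3-group cycle
    "GG-Auditors": [],
    "GG-Helpdesk": ["GG-Helpdesk"],              # group nested in itself
    "GG-IT": ["GG-Helpdesk"],
}


def find_cyclic_groups(nesting):
    """Return sorted lists of groups that are nested inside one another.

    Uses Tarjan's strongly connected components algorithm: every component
    with more than one group, or a group that contains itself, is a cycle.
    """
    index, low, on_stack, stack, cycles = {}, {}, set(), [], []

    def visit(group):
        index[group] = low[group] = len(index)
        stack.append(group)
        on_stack.add(group)
        for child in nesting.get(group, []):
            if child not in index:
                visit(child)
                low[group] = min(low[group], low[child])
            elif child in on_stack:
                low[group] = min(low[group], index[child])
        if low[group] == index[group]:           # group is the root of a component
            component = []
            while True:
                member = stack.pop()
                on_stack.discard(member)
                component.append(member)
                if member == group:
                    break
            if len(component) > 1 or group in nesting.get(group, []):
                cycles.append(sorted(component))

    for group in nesting:
        if group not in index:
            visit(group)
    return sorted(cycles)


if __name__ == "__main__":
    for cycle in find_cyclic_groups(SAMPLE_NESTING):
        print("cyclic nesting:", " <-> ".join(cycle))
```

Each reported list is a set of groups where removing one membership link breaks the loop. The recursive walk is fine for typical nesting depths; a very deep hierarchy would need an iterative version.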

Hi,
Is there any way to extract a report of cyclic groups through IdentityNow for which the warning was thrown?

Thanks

Hi @tom_bui,

Hope you are doing well!

As you have suggested, I tried patching the AD source; however, during the entitlement aggregation I am getting the same warning.

Could you please help me with this?

Thanks in advance.
Aditya Veldi.