Okta Classic Engine | Universal Directory | Answered | 2024-04-16T11:10:22.000Z | 2021-03-05T13:56:26.000Z | 2021-03-09T12:06:05.000Z

9rjgz (9rjgz) asked a question.

AD groups have gone in LDAP interface connection.

Hello?

I am managing Microsoft AD (Windows Server 2018 on AWS EC2). I linked Okta to that AD. Also, I am implementing LDAP login this time using the "LDAP interface".

My problem is that the AD Group looks normal in Okta admin, but when I connect to Okta using the "LDAP interface", the AD Group is not visible. For reference, the group type in AD is Global-Security.

Are there any additional settings to be made?

And in what cases is it appropriate to use the LDAP interface?

I also tried ps: LDAP integration, but gave up because there are attributes that my AD does not support.


  • SathishK.23283 (Customer)

    That's right.

     

    When LDAP apps query Okta for users and groups, Okta must be the source of truth if the apps use the LDAP interface to connect to Okta.

     

  • User16113532018866032757 (Vendor Management)

    Hi!

    I'm George from Okta Support.

     

    It doesn't appear to be possible to show AD Groups with the LDAP interface, and it has to do with the exact reason you mentioned in the description: there are attributes that the AD doesn't support.

     

    There are some interoperability issues with AD and LDAP Interface, and it is best practice to use the AD Agent with AD, and LDAP Interface with LDAP.

     

    If you have any other questions regarding this case or others, feel free to open a new ticket and I or the other engineers will be happy to assist you.

     

    Have a great day!

This question is closed.