pyvf4 (pyvf4) asked a question.
Group Membership rule based on Active Directory OU not matching for newly added users
Starting sometime in the last 3 months or so we have started to have to manually put users in what were dynamic groups. This is because new users are not being added to the group that is using a dynamic rule that looks at the Active Directory OU they are located in. Where as older users who are in the same OU as the New user show as matching the rule and hence are added to the group in question.
Any ideas why this might be?
Thanks,
Hi Philip,
This is Catalin from Okta support.
The issue you are facing needs to be investigated more on why exactly the NEW users are not matched by that rule.
-Was there any change in new users than the old users that would affect this rule?
-Did this happen spontaneously on a random import?
-Are the Agents updated to the latest version?
Those questions need to be addressed on a case with proper troubleshooting tools, thus I suggest you open a new case with our Directories team and have the issue addressed properly.
Thank you!
I am not sure when this started. But it does seem to affect all users that have been onboarded in the last 3 months or so and possibly longer. There was no change to any of this until I noticed the issue and then I did try a couple of things to test but did not seem to make a difference.
Only change that was made but I had thought some did come in correctly after we started integrating with Workday for user creation in Okta and using Okta to create the user in AD. We then move that user in AD to the appropriate OU. If this is the cause though then why did this not happen when people changed departments and hence were moved to new OUs as Okta did update the dynamic groups they were in.
Thanks,
Phil Paxton
FBHS IT Service Desk