We use Windows AD and BO V4, SP4, FP3. I forgot to add a user to a specific AD group that controls application access (WebI, Voyager …). I was able to successfully create and import the user with his AD groups. However, on hindsight, I had to add the user to another AD group after the fact and I don’t see the user assigned to this AD group within BO. When I try to add him manually within BO to this group, I get the following error:
cannot add users to mapped third party group
I have manually updated “Authentication” to see if the group automatically shows up in BO. No luck! Anyone facing or faced the same situation?
The problem is that even when I add the user to the new Windows AD group using the AD plug-in outside BO, there are several issues (OR I don;t know what I am doing)
The new AD group doesn’t get assigned to the user within BO even after days and updating the “Authentication” tab for Windows AD
No provision to manually add or remove user from a Windows AD group within BO
I think this is a bug unless I am missing something very obvious here
Here is the kicker! In my example, I had forgotten to assign a user to a specific Windows AD group and created the user in BO and imported the Windows AD groups into BO. No matter how many times I had updated “Authentication”, it wouldn’t pull in the newly added Windows AD group for this user and as mentioned here, you cannot add the Windows AD group manually to the user within BO. I ended up deleting the Windows AD alias within BO and re-adding the Windows AD group alias within BO. NOTE: You got to make sure you give sufficient time for your AD server to replicate the security changes to your main AD server. We have 4 regional AD servers and one central AD server and it took a while (15 Minutes to 30 Minutes) for the new AD security settings to replicate to the central server which is what talks to our BO server.
(BOB member since 2003-12-17)
(BOB member since 2002-06-20)
(BOB member since 2003-12-17)