BusinessObjects Board

Legacy Windows AD User Groups

I am noticing that the legacy Windows AD groups are still in the CMC despite the organization moving over to LDAP. The Windows AD authentication has been unchecked yet the groups are still active. Are these groups now treated as Enterprise accounts or are they basically just ‘noise’ and offer no value?

I would assume that you would need to remove them from the Windows AD configuration if you want them removed from Business Objects. They won’t just go away if they are removed from Active Directory. They will cause your Active Directory sync to error out and stop syncing at the point it encounters a missing Active Directory group.

So in other words, it’s just ‘noise.’ The groups are showing in the CMC but aren’t actually active. Correct?

I don’t know that I can confirm that they aren’t actually active without testing. If you want to make certain, you should remove them.

Tha’ts what I am trying to find out. I obviously don’t want to remove them if there is an impact on the user community. I imagine that there will not be, but want to confirm.

You may just have to select an AD group and remove it to see what will happen.

Unfortunately we cannot do that, we need to know the impact of removal prior to doing so.

Check the users that are in the AD groups. If they only have the AD alias attached to the user… you have a problem. If the LDAP alias also appears attached to the user, it should be ok to remove the AD groups. You can also create Enterprise aliases for the users, just in case.