AADGroup not getting assigned to AADuser

Hi All,

We have a business role, and that business role has AD groups, LDAP groups, and AAD groups assigned.

When I assign the business role to a person, the AD group gets assigned to the ADSAccount and the LDAP group gets assigned to the LDAPAccount, but the AADGroup did not get assigned to the AADUser.

Do you know what the issue is, or did I miss any configuration?

OIM version is 8.1.5

Thank you

Dnyandev

  • Hi Dnyandev,

    Does the AADUser have isGroupAccount set?

    HTH, B.

  • Hi Barry,

    Thank you so much for this. This worked for a normal group.

    But now I have another issue, as below.

    Do you have any idea how to fix this?

    [1025012] Object (Dnyandev (EXT)) could not be saved!
    [810306] Error during execution of 'OnSaving' in logic module 'AAD.Customizer.AADUserInGroup'.
    at VI.DB.Entities.EventUnitOfWork.<PutAsync>d__2.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.PermissionsUnitOfWork.<PutAsync>d__11.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.EventUnitOfWork.<PutAsync>d__2.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.UnitOfWorkImpl.<PutAsync>d__37.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.DbEntitySink.<PutAsync>d__14.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.DelayedLogicSaveEntityStrategy.<OnSavingAsync>d__5.MoveNext()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    --- End of stack trace from previous location where exception was thrown ---
    at VI.DB.Entities.CombinedEntityLogic.<OnSavingWithHandlerAsync>d__14.MoveNext()
    [2552002] Assigning user Dyandev (EXT) as a member of group DST02209_FullAccess failed.
    Memberships of user type Member in groups SecurityEnabledMailEnabled are not valid.
    at VI.DB.Entities.CombinedEntityLogic.<OnSavingWithHandlerAsync>d__14.MoveNext()

  • Well, I'm no Azure expert, but the error message looks pretty self-explanatory:

    Assigning user Dyandev (EXT) as a member of group DST02209_FullAccess failed.
    Memberships of user type Member in groups SecurityEnabledMailEnabled are not valid.

  • Thanks Barry, I got this. Also, I read some Azure Graph API documentation and this is not possible via Azure AD.

    Thanks for pointing correctly.
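
An added example (not part of the thread and not One Identity code) that checks which Azure AD groups in a business role can take direct member assignments through Microsoft Graph, based on the group's `mailEnabled`, `securityEnabled` and `groupTypes` properties. It goes beyond the mail-enabled security case in the error above to cover distribution and dynamic groups as well; the sample records and function names are constructed.

```python
# Constructed sample data shaped like Microsoft Graph `group` resources.
# DST02209_FullAccess is the group named in the thread's error; the other
# names and all attribute values are made up for illustration.
SAMPLE_GROUPS = [
    {"displayName": "DST02209_FullAccess", "mailEnabled": True,
     "securityEnabled": True, "groupTypes": []},
    {"displayName": "Example-Security", "mailEnabled": False,
     "securityEnabled": True, "groupTypes": []},
    {"displayName": "Example-M365", "mailEnabled": True,
     "securityEnabled": False, "groupTypes": ["Unified"]},
    {"displayName": "Example-DistList", "mailEnabled": True,
     "securityEnabled": False, "groupTypes": []},
    {"displayName": "Example-Dynamic", "mailEnabled": False,
     "securityEnabled": True, "groupTypes": ["DynamicMembership"]},
]


def classify(group):
    """Derive the group kind from mailEnabled, securityEnabled and groupTypes."""
    types = group.get("groupTypes") or []
    mail = bool(group.get("mailEnabled"))
    sec = bool(group.get("securityEnabled"))
    if "Unified" in types:
        return "Microsoft365"
    if mail and sec:
        return "MailEnabledSecurity"
    if mail:
        return "Distribution"
    if sec:
        return "Security"
    return "Unknown"


def membership_block_reason(group):
    """Return why a direct member assignment cannot be written, or None."""
    kind = classify(group)
    if kind in ("MailEnabledSecurity", "Distribution"):
        return kind + " groups are read-only through Microsoft Graph"
    if "DynamicMembership" in (group.get("groupTypes") or []):
        return "membership is computed from a rule, not assigned"
    if kind == "Unknown":
        return "unrecognised attribute combination, review manually"
    return None


def unassignable(groups):
    """Map displayName -> reason for every group that cannot take direct members."""
    return {g["displayName"]: r for g in groups
            if (r := membership_block_reason(g)) is not None}


if __name__ == "__main__":
    for name, reason in unassignable(SAMPLE_GROUPS).items():
        print(f"{name}: {reason}")
```

Groups flagged by this check need their membership managed where the group is mastered (for example Exchange) rather than assigned through the Azure AD connector.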
