The group membership information of one or a set of users are not returned by the AD when ProxySG performs a LDAP (Lightweight Directory Access Protocol) search using a fully-qualified distinguished name. As a result, policies configured with source as LDAP users/groups are not applied for the transaction.
This can happen when the user account's primary group is not set to "Domain Users" especially when the user in question is part of multiple groups. To address this issue, change the user's primary group to "Domain Users". Steps given below.
1) On AD, open the Active directory users and computers snap-in
2) On left pane, right click on domain and select "Find" to search the user
3) Highlight the user and goto "Properties"
4) Navigate to "Member Of" tab, Select "Domain Users" and click on "Set Primary Group"
5) Apply the changes
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.