Active Directory group membership information is not returned for a Domain user when testing f
03/26/2020
DESCRIPTION: Active Directory group membership information is not returned for a Domain user when testing from LDAP
Active Directory group membership information is not returned for a user when testing from LDAP, however, the domain information is returned.
Most likely the issue is that the Active Directory user's "Primary Group" membership is not set to "Domain Users", as a user may belong to multiple groups.
To set the primary group to "Domain Users", follow the steps below:
1. On the server where Active Directory is installed, open the Active Directory Users and Computers console.
2. On the left-hand side, under the domain, expand the container / Organizational Unit where the user is located.
3. On the right-hand side of the console, right-click the user and select "Properties" from the context menu.
4. Select the "Member Of" tab in the user properties dialog box.
5. Under the "Member of" section, highlight the entry for "Domain Users" and click the "Set Primary Group" button under "Primary Group" to set the membership to "Domain Users".
Note: If the user's primary group is already set to "Domain Users", the "Set Primary Group" button will remain inactive/grayed out.
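The same check and change can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original article or SonicWall's own tooling; the function name `Test-PrimaryGroup` and its parameters are hypothetical, and it assumes the RSAT ActiveDirectory module and rights to modify the user.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report a user's primary group and optionally set it to "Domain Users".
# Test-PrimaryGroup and its parameters are hypothetical names chosen for this example.
function Test-PrimaryGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [switch]$Fix   # without -Fix the function only reports
    )

    # Resolve "Domain Users" by its well-known RID (513) so renamed or
    # localized group names are still found.
    $domainSid   = (Get-ADDomain).DomainSID.Value
    $domainUsers = Get-ADGroup -Identity "$domainSid-513" -Properties primaryGroupToken

    $props = 'PrimaryGroup', 'primaryGroupID', 'MemberOf'
    $user  = Get-ADUser -Identity $SamAccountName -Properties $props
    $ok    = $user.primaryGroupID -eq $domainUsers.primaryGroupToken

    if (-not $ok -and $Fix -and
        $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Set primary group to Domain Users')) {
        # A group can only become the primary group if the user is already a member.
        if ($user.MemberOf -notcontains $domainUsers.DistinguishedName) {
            Add-ADGroupMember -Identity $domainUsers -Members $user
        }
        Set-ADUser -Identity $user -Replace @{ primaryGroupID = $domainUsers.primaryGroupToken }
        $user = Get-ADUser -Identity $SamAccountName -Properties $props
        $ok   = $user.primaryGroupID -eq $domainUsers.primaryGroupToken
    }

    # One object per user, suitable for piping to Format-Table or Export-Csv.
    [pscustomobject]@{
        User                 = $user.SamAccountName
        PrimaryGroup         = $user.PrimaryGroup
        PrimaryIsDomainUsers = $ok
        MemberOf             = $user.MemberOf
    }
}

# Report only:           Test-PrimaryGroup -SamAccountName jdoe
# Preview the change:    Test-PrimaryGroup -SamAccountName jdoe -Fix -WhatIf
# (jdoe is a constructed sample account name)
```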
How to Test:
Log in to the SonicWall firewall, then go to Users | Settings | click Configure LDAP | click the Test tab | under Test LDAP Settings, enter the username and password of the domain user | click the Test button.
Look under Returned User Attributes for the "memberOf" group membership information received from Active Directory.