Active Directory group membership information is not returned for a Domain user when testing from LDAP
Problem Description:
Active Directory group membership information is not returned for a user when testing from LDAP; however, the domain information is returned.
Resolution:
Most likely the issue is that the Active Directory user's "Primary Group" membership is not set to "Domain Users", as a user may belong to multiple groups.
To set the primary group to "Domain Users", follow the steps below:
1. On the server where Active Directory is installed, open the Active Directory Users and Computers console.
2. On the left-hand side under Domain, expand the container / Organizational Unit where the user is located.
3. Right-click the user on the right-hand side of the Active Directory Users and Computers console and select "Properties" from the context menu.
4. Select the "Member Of" tab in the user properties dialog box.
5. Under the "Member of" section, highlight the entry for "Domain Users" and click the "Set Primary Group" button under "Primary Group" to set the membership to "Domain Users".
Note: If the user membership is already set to "Domain Users" group then the "Set Primary Group" button will remain inactive/grayed out.
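The same check and change can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original article: the function name Set-DomainUsersPrimaryGroup and the account name 'jdoe' are hypothetical, and it assumes the RSAT ActiveDirectory module is installed and that the caller has rights to modify the user.

```powershell
#Requires -Modules ActiveDirectory
# Added example: check a user's primary group and, if it is not "Domain Users", reset it.
function Set-DomainUsersPrimaryGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName   # account that fails the LDAP test
    )

    # Resolve "Domain Users" by its well-known RID (513) so a renamed group is still found.
    $domainSid   = (Get-ADDomain).DomainSID.Value
    $domainUsers = Get-ADGroup -Identity "$domainSid-513" -Properties primaryGroupToken

    $user = Get-ADUser -Identity $SamAccountName -Properties primaryGroupID, memberOf

    # Same condition under which the GUI grays out "Set Primary Group".
    if ($user.primaryGroupID -eq $domainUsers.primaryGroupToken) {
        Write-Verbose "$SamAccountName already has Domain Users as primary group."
        return $false
    }

    # The primary group can only be set to a group the user already belongs to.
    if ($user.memberOf -notcontains $domainUsers.DistinguishedName) {
        if ($PSCmdlet.ShouldProcess($SamAccountName, 'Add to Domain Users')) {
            Add-ADGroupMember -Identity $domainUsers -Members $user
        }
    }

    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Set primary group to Domain Users')) {
        Set-ADUser -Identity $user -Replace @{ primaryGroupID = $domainUsers.primaryGroupToken }
        return $true
    }
    return $false
}

# Dry run first; 'jdoe' is a placeholder account name.
Set-DomainUsersPrimaryGroup -SamAccountName 'jdoe' -WhatIf -Verbose
```

Run it with -WhatIf first to see what would change, then rerun without -WhatIf and repeat the LDAP test.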
How to Test:
Log in to the SonicWall firewall, then go to Users | Settings | click Configure LDAP | click the Test tab | under Test LDAP Settings, enter the username and password of the domain user | click the Test button.

Look under Returned User Attributes for the "memberOf" group membership information received from Active Directory.