This question was originally posted on DCIM Support by Javier Zurera on 2018-06-27
we have imported users from an active directory group. We see the users in DCO with the rights that the user group has defined in DCO.
But we have been testing what happen if we eliminate some user from the AD group, and we see that the user still belongs to the same user group in DCO. Also if we add a new user in the AD group, we do not see the new user in DCO. We have tried to reboot DCO server and the users in DCO do not change.
Do we have to wait more time to the synchronization between DCO and AD?
This answer was originally posted on DCIM Support by Jef Faridi on 2018-06-28
When integrated with an authentication sever (such as AD server) the user and group authentication would be synchronized in DCO within/latest one hour time. Synchronization is running in background all the time.
In case a new user added in AD server as the group member, then the user would be in the corresponding group in DCO within the above mentioned synchronization time, and/or if this new user logs in (to DCO).
In case a remote (from DCO point of view) user being removed from the AD server, then the user will not be able to login to DCO. And due to KPIs, by design this user will not be removed from DCO automatically, but you (with admin rights) have the option to manually remove/delete this user if/when you wish.
This comment was originally posted on DCIM Support by Javier Zurera on 2018-07-02
But, what happens if a remote user is still in the AD but changes to another group?
This comment was originally posted on DCIM Support by Jef Faridi on 2018-07-02
If the group is undefined in DCO, then the user may be able to login without having access to anything.
Discuss challenges and get support in energy and automation with 30,000+ experts and peers.
Over 10,000+ support articles are available to help you find answers to your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!