Capture AD Groups as a Resource in eDirectory Without Turning on the NetIQ PCRS

Want to capture AD groups as a resource in eDirectory without turning on the NetIQ PCRS process? Try this:

Step 1:  Create a new resource in UserAppl

  •  Create the AD_XYZ_Group resource in userappl
  •  Set Categories. For example, NetIQ Dynamic Resource.
  •  Set Entitlement Name. Specify the AD driver Group membership entitlement.
  •  Select ‘Allow user to assign entitlement value(s) at resource request time’.
  •  Set label for value field. For example, AD Group.
  •  Select ‘Allow this Resource and entitlement to be assigned multiple times with different values’.
  •  Save changes.

Step 2:  Add a new policy in the AD driver Publisher Channel to trap AD groups coming from AD

  •  This policy should add a new instance of the resource created in step 1.
  •  The resource should contain the AD group DN and the Grid ID.

Step 3:  Update AD driver configuration

  •  In Driver Configuration/Driver Parameters, set incremental DirSync to true. This allows the AD driver to receive only delta changes to AD groups.
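
The trap logic from step 2, sketched in Python as an added example (not code from the original page, and not DirXML policy): it reads a constructed XDS modify event of the kind the step 3 setting produces and derives one resource instance change per member delta. It assumes the ID stored with the group DN is the event's association value, and it also emits removals, which goes beyond the add described in step 2.

```python
import xml.etree.ElementTree as ET

RESOURCE = "AD_XYZ_Group"  # resource created in step 1

# Constructed sample: an XDS modify event carrying only the member delta,
# as the step 3 setting is meant to produce. All DNs and IDs are made up.
SAMPLE_XDS = """<nds><input>
 <modify class-name="group" src-dn="CN=Finance,OU=Groups,DC=example,DC=com">
  <association>GROUP-ID-0001</association>
  <modify-attr attr-name="member">
   <add-value><value type="dn">CN=alice,OU=Users,DC=example,DC=com</value></add-value>
   <remove-value><value type="dn">CN=bob,OU=Users,DC=example,DC=com</value></remove-value>
  </modify-attr>
 </modify>
 <modify class-name="user" src-dn="CN=carol,OU=Users,DC=example,DC=com">
  <modify-attr attr-name="member">
   <add-value><value>ignored</value></add-value>
  </modify-attr>
 </modify>
</input></nds>"""

def resource_changes(xds_text):
    """Turn group member deltas into per-user resource instance changes."""
    changes = []
    for mod in ET.fromstring(xds_text).iter("modify"):
        if (mod.get("class-name") or "").lower() != "group":
            continue  # only group events are trapped
        group_dn = mod.get("src-dn")
        # Assumption: the event's association is the ID kept with the DN.
        group_id = (mod.findtext("association") or "").strip()
        if not group_dn or not group_id:
            continue  # an instance needs both the group DN and the ID
        for attr in mod.findall("modify-attr"):
            if (attr.get("attr-name") or "").lower() != "member":
                continue
            for tag, action in (("add-value", "add"), ("remove-value", "remove")):
                for val in attr.findall(f"{tag}/value"):
                    user_dn = (val.text or "").strip()
                    if user_dn:
                        changes.append({"action": action, "user": user_dn,
                                        "resource": RESOURCE,
                                        "group_dn": group_dn,
                                        "group_id": group_id})
    return changes

if __name__ == "__main__":
    for change in resource_changes(SAMPLE_XDS):
        print(change)
```

Events that lack either the group DN or the ID are skipped, so no resource instance is recorded with a value that cannot be tied back to a specific AD group.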