Want to capture AD groups as a resource in eDirectory without turning on the NetIQ PCRS process? Try this:
Step 1: Create a new resource in the User Application
- Create the AD_XYZ_Group resource in the User Application.
- Set Categories. For example, NetIQ Dynamic Resource.
- Set Entitlement Name. Specify the AD driver Group membership entitlement.
- Select ‘Allow user to assign entitlement value(s) at resource request time’.
- Set the label for the value field. For example, AD Group.
- Select ‘Allow this Resource and entitlement to be assigned multiple times with different values’.
- Save changes.
Step 2: Add a new policy in the AD driver Publisher Channel to trap AD groups coming from AD
- This policy should add a new instance of the resource created in Step 1.
- The resource should contain the AD group DN and the Grid ID.
Step 3: Update AD driver configuration
- Under Driver Configuration/Driver Parameters, set the enable incremental DirSync option to true. This allows the AD driver to receive only delta changes to AD groups.