Active Directory Group Lookup Recon And Exchange Distribution Group Recon List Same Groups
Last updated on JULY 09, 2017
Applies to:Identity Manager Connector - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
When a user is added to a distribution group in Outlook (added as a member of a distribution list), upon reconciliation of Exchange, the user gets this entitlement listed under their exchange Resource. However, when AD Recon runs, the user also gets this entitlement listed under their AD resource. Both the Lookup.Exchange.DistributionGroups recon and the Lookup.AD.Groups recon pull these same groups in as entitlements resulting in two entries appearing in the catalog for the same directory object.
The issue can be reproduced at will with the following steps:
1. Start by creating a Mail distribution group in AD/Exchange (to manage the members of a distribution list). (if you then run recon for distribution groups in Exchange you should see this group as an entitlement. If you run AD group lookup recon it should appear there as well).
1a. You will need another user that can manage the distribution list in Exchange (userB)
2. Create a new user in AD (userA)
3. Create a mailbox for user in Exchange.
4. In Outlook, have userB add userA to their distribution list.
5. When Exchange recon runs, the user will have this entitlement listed for them.
6. When AD recon runs for the user, this same entitlement will be populated for the AD resource.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms