Community
Select to view content in your preferred language

Portal users with Active Directory Not Removing From Group

717
4
Jump to solution
10-17-2024 07:49 AM
BrianLeroux
by
Frequent Contributor
‎10-17-2024 07:49 AM

I have groups link to AD domain groups. When a new user is added to the AD group, they show up in the Portal group. However, when they get removed from that AD group, they are not getting removed from the group. Is that expected behavior? I do understand that they would still have a portal account as accounts need to be removed manually but I was hoping to have them removed from the groups as it is retaining access to services they should not be allowed to access any longer.

It seems like removing them from an AD group but putting them in other does work and removed them from one portal group and add them to the other. 

0 Kudos
1 Solution

Accepted Solutions
rcGIS
by
Frequent Contributor
‎10-17-2024 08:01 AM

Hello @BrianLeroux, you might want to check this old Esri Community post. In which this doc is referred; I added the latest version of it.

View solution in original post

0 Kudos
4 Replies
rcGIS
by
Frequent Contributor
‎10-17-2024 08:01 AM

Hello @BrianLeroux, you might want to check this old Esri Community post. In which this doc is referred; I added the latest version of it.

0 Kudos
BrianLeroux
by
Frequent Contributor
‎10-17-2024 08:28 AM

HI @rcGIS , I did read through that but I think my situation is a bit different. I am only looking to make sure users are being removed from groups. Interestingly enough I was able to get the removals to sync between AD and Portal just now. It seems like I had to trigger the process though. I went into the Portal REST Sharing endpoint and searched for the group I wanted to refresh. Choose the "Update Group" option. Did not change any settings but just clicked the "Update Group" button to save. Moments later I saw users start dropping from the group user list. Seems strange that I would have to do this. 

After further testing, users will show in the portal group even though they are removed in AD until they log into the system. Seems like the login forces and AD lookup to refresh the user. Wish there was a way to do a bulk refresh.

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-17-2024 08:41 AM

does it look like it is supposed to after midnight?

0 Kudos
BrianLeroux
by
Frequent Contributor
‎10-18-2024 05:18 AM

Yes it did @BillFox. Thank you and @rcGIS for the info. 

0 Kudos