-
Title
Users Missing from Dynamic Groups and Managed Units -
Description
There is an existing group in Active Directory with existing members. This group is converted to a Dynamic Group with the include group membership option, but some or all previous members do not appear.
Alternatively, a new or existing Dynamic Group may not display some members which are expected.
-
Cause
Cause 1
Expected membership could be blocked due to a setting within the Built-in Policy - Dynamic Groups policy.
Cause 2
One or more of the expected members were Deprovisioned and the Undo-Deprovisioning action was not properly performed.
-
Resolution
Resolution 1
By default only Mail-Enabled Users will be included in any Dynamic Group that is a Distribution group. In addition, by default, only members from the same Active Directory Domain as a specific Dynamic Group will be included in that Dynamic Group.
NOTE: A user is not "mail-enabled" unless they have a value in mailNickName as well as the msExchRecipientDisplayType and msExchRecipientTypeDetails attributes.To change these default settings:
- In the Active Roles Console, expand Configuration | Policies | Administration | Builtin. Double-click on Built-in Policy - Dynamic Groups, then on the Policies tab click View/Edit for Provides support for groups with rules-based membership lists.
- On the Policy Settings tab, select the checkbox labeled Enable cross-domain membership AND/OR de-select the checkbox labeled Include only mail-enabled users in dynamic distribution groups (This checkbox adds the following filter to the DG query: (mailnickname=*))
- Click OK twice to save any changes and close the policy.
- After any of these options have been changed, it will be necessary to run Check Policy (this is found in the right-click menu on the Active Directory container within the Active Roles Console).
Resolution 2
Right-click on the User object and check to see if it shows an action to Deprovision or Undo-Deprovision. If it shows the Undo-Deprovision action, then this User object was previously Deprovisioned and this status was not correctly rolled back using the Undo-Deprovisioning action.
Complete the Undo-Deprovisioning process in order to correct this partial status.