-
Title
Which Account Discovery Rule would apply if multiple rules match the same account? -
Description
In an Account Discovery job, if multiple rules exist and more than one rule can match the same account, which rule settings would apply to that matched account?
For example:
Rule1: Find all accounts that are members of the local "Administrators" group and assign the password profile A
Rule2: Find the account named "Administrator" and assign it the password profile B
In this scenario, the account "Administrator" will be matched by both (rules 1 because its a member of the group "Administrators") and (by rule 2 because the name matches), while profile would apply to the account in this case?
-
Resolution
Starting with SPP version 6.8, the Account Discovery Rules are processed from top to bottom in the order of the rule creation.
Rule1 was created first and therefore is processed first to discover all accounts that are members of the "Administrators" group in this example and these accounts will get assigned password profile A
However, since the rule 2 conflicts with rule 1 where it also matches the account "Administrator" then this account will get assigned profile B as it is the last processed rule that matches this specific account.
Therefore, In a case where an account matches 2 rules, the latter rule will apply to that account.