Hi,
I am running a fresh installed Identity Governance 3.7
I had also configured the AD Account Collector (3.6.2) and Permission Collector. The AD Permission is using the default "Collect Permission", change the Permission-User Mapping to Account ID from Source
Identity Collector is based on CSV File.
I can collect the AD Accounts and view the Permissions
From the Identity Perspective, it listed all the Direct AD Memberships and Accounts
AD Account : Keng
AD Permission : AllStaff, InternetBrowsing, ITSupport
ITSupport Group is a member of Domain Admins.
The weird thing is when I access Domain Admins Permission (Catalog > Permission > Domain Admins)
It only show 1 Holder and 1 Permission Relationship (ITSecurity).
In AD, when I check the Domain Admins, it had 10+ Direct Members, and 5 Groups whereby ITSupport and ITSecurity are part of the Groups.
(i) The Holders is showing the Identity, not Accounts (Is it supposed so). From the 10+, I would say 7 members are mapped to the Identities, and the rest are not
(ii) What could went wrong here?
(iii) Is default "Collect Permission" is not enough ?
Regards,
Keng