Cannot query membership information for Domain Users group in Active Directory (AD) server

Product / Version includes:

Interscan Web Security Virtual Appliance6.0 , Interscan Web Security Virtual Appliance6.5

Last updated: 2021/08/28

Solution ID: KA-0004553

Category: SPEC , Configure , Troubleshoot

Summary

When you use Microsoft AD as LDAP server to do user authentication, you can set the Domain Users group in policy account.

The Domain Users is a special group in AD. This group can be found through a LDAP query. However, InterScan Web Security Virtual Appliance (IWSVA) cannot obtain membership information for the Domain Users group through LDAP search.

Using the LDAP query tool, you can verify the Domain Users’ LDAP attribute. You will find out that there is no “memberOF” attribute for the Domain Users group.

This issue is a limitation of Microsoft AD. Instead of using Domain Users as LDAP group, we recommend you to create policies based on User-defined LDAP groups in IWSVA.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Cannot query membership information for Domain Users group in Active Directory (AD) server

Cannot query membership information for Domain Users group in Active Directory (AD) server

Product / Version includes:

Summary