This is probably a simple question but i'm having issues in D1IM v7.
I have a user with a corresponding Active Directory account that is Fully Managed.
I also have a Business Role with an AD Group assigned to it with no blocking of Inheritance or Hierarchy.
When I add the Business Role to the Employee either by a Direct Assignment or by a Dynamic Role, the AD Group does not get provisioned to the AD User.
I can see the Business Role assigned to the Person objects in PersonHasObject, but thats about it.
This works perfectly in 6.X and is a simple use case so i'm confused! Any thoughts?
did you set the "Groups can be inherited" flag in the users' settings?
If you're creating accounts based on account definitions, you need to have an IT operating data mapping for this attribute, e.g.
I eventually found that option and all is well :)
Q: 'Why isn't Identity Manager provisioning?'
A: Power of the check-list: