ldap AD integration: How to prevent ServiceNow from updating AD group updates

Go to solution
CarolMa6
Tera Expert

‎05-22-2025 07:01 AM

Hi, 

 

How do I prevent AD from updating ServiceNow group information. Can this be done on the ServiceNow side if yes where do I configure this. Whenever AD touches ServiceNow groups that automatically updates the changes in ServiceNow we want to prevent this from happening. 

 

Please help

 

Regards 

CarolMa

0 Helpfuls
  • 627 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Ankur Bawiskar

‎05-25-2025 09:30 PM

@CarolMa6 

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Pankaj kr
Kilo Sage

‎05-22-2025 07:15 AM

AD populates the staging table and that data gets used in transform map to update user table. If this is the case, I would recommend to check your data source for respective LDAP and modify the transform map accordingly for group update.

 

If this helped you. Pls mark my answer help and accepted.

0 Helpfuls

Go to solution
tiagomacul
Giga Sage

‎05-22-2025 07:15 AM - edited ‎05-22-2025 07:16 AM

Preventing Active Directory (AD) from updating ServiceNow group information requires careful configuration within ServiceNow, primarily within the LDAP Integration and Transform Maps.

Here's how you can approach this on the ServiceNow side:

Understanding the Problem: How AD Updates ServiceNow Groups

When you integrate ServiceNow with AD via LDAP, a scheduled import job runs periodically. This job pulls data from AD into ServiceNow's "import set" tables (e.g., ldap_group_import). Then, a Transform Map processes this import set data and maps it to the target table, which is typically the sys_user_group table for groups.

 
 
 

 

The "update" behavior happens because of the Coalesce setting on the Transform Map. Coalesce fields tell ServiceNow how to identify existing records in the target table. If a match is found based on the coalesced field(s), the existing record is updated. If no match is found, a new record is inserted.

  • Navigate to System LDAP > Transform Maps.
  • Find the Transform Map associated with your LDAP group import (e.g., "LDAP Group Import").
  • Open the Transform Map record.
  • Go to the Field Maps related list.
  • Identify the field map that maps the AD group name (e.g., sAMAccountName or cn) to the ServiceNow name field on the sys_user_group table.

 

 

0 Helpfuls

Go to solution
CarolMa6
Tera Expert
In response to tiagomacul

‎05-22-2025 07:49 AM

@tiagomacul 

found the field shown below if the coalesce field is set to "false" for "usamaaccountname" then no group updates will sync with ServiceNow? 

 

CarolMa6_0-1747925354875.png

 

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎05-22-2025 08:16 AM

@CarolMa6 

you don't want any group sync to work from AD to ServiceNow?

If yes then do this

1) search for the transform map which has target table as sys_user_group configured for your LDAP data source

2) deactivate that

It should be something like this but please search in your instance

AnkurBawiskar_0-1747926985483.png

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader