05-22-2025 07:01 AM
Hi,
How do I prevent AD from updating ServiceNow group information? Can this be done on the ServiceNow side? If yes, where do I configure this? Whenever AD touches ServiceNow groups, that automatically updates the changes in ServiceNow; we want to prevent this from happening.
Please help
Regards
CarolMa
05-25-2025 09:30 PM
Hope you are doing good.
Did my reply answer your question?
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
05-22-2025 07:15 AM
AD populates the staging table and that data gets used in the transform map to update the user table. If this is the case, I would recommend checking your data source for the respective LDAP and modifying the transform map accordingly for group update.
If this helped you, please mark my answer helpful and accepted.

05-22-2025 07:15 AM - edited 05-22-2025 07:16 AM
Preventing Active Directory (AD) from updating ServiceNow group information requires careful configuration within ServiceNow, primarily within the LDAP Integration and Transform Maps.
Here's how you can approach this on the ServiceNow side:
Understanding the Problem: How AD Updates ServiceNow Groups
When you integrate ServiceNow with AD via LDAP, a scheduled import job runs periodically. This job pulls data from AD into ServiceNow's "import set" tables (e.g., ldap_group_import). Then, a Transform Map processes this import set data and maps it to the target table, which is typically the sys_user_group table for groups.
The "update" behavior happens because of the Coalesce setting on the Transform Map. Coalesce fields tell ServiceNow how to identify existing records in the target table. If a match is found based on the coalesced field(s), the existing record is updated. If no match is found, a new record is inserted.
- Navigate to System LDAP > Transform Maps.
- Find the Transform Map associated with your LDAP group import (e.g., "LDAP Group Import").
- Open the Transform Map record.
- Go to the Field Maps related list.
- Identify the field map that maps the AD group name (e.g., sAMAccountName or cn) to the ServiceNow name field on the sys_user_group table.
05-22-2025 07:49 AM
Found the field shown below. If the coalesce field is set to "false" for "usamaaccountname", then no group updates will sync with ServiceNow?
05-22-2025 08:16 AM
You don't want any group sync to work from AD to ServiceNow?
If yes, then do this:
1) Search for the transform map which has target table as sys_user_group configured for your LDAP data source
2) Deactivate that
It should be something like this, but please search in your instance.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
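An added example, not part of any post in this thread and not ServiceNow platform code: a simplified JavaScript model of the coalesce matching described above and of the deactivation advice in the last reply, comparing four transform map configurations on the same import rows. The `runTransform` function, the map object shape and the sample groups are constructed for illustration; the `action`/`ignore` fields mirror the variables ServiceNow exposes to onBefore transform scripts.

```javascript
// Simplified model of an import-set transform (hypothetical helper, not a ServiceNow API).
// target stands in for sys_user_group; map = { active, coalesce: [fields], onBefore(ctx) }.
function runTransform(target, rows, map) {
  const stats = { inserted: 0, updated: 0, ignored: 0 };
  if (!map.active) return stats; // an inactive map never applies import rows
  for (const row of rows) {
    // Coalesce lookup: with no coalesce fields nothing can match, so every row inserts.
    const match = map.coalesce.length
      ? target.find(rec => map.coalesce.every(f => rec[f] === row[f]))
      : undefined;
    // Real onBefore scripts see `action` and `ignore` as variables; here they live on ctx.
    const ctx = { action: match ? 'update' : 'insert', ignore: false, source: row };
    if (map.onBefore) map.onBefore(ctx);
    if (ctx.ignore) { stats.ignored++; continue; }
    if (match) { Object.assign(match, row); stats.updated++; }
    else { target.push({ ...row }); stats.inserted++; }
  }
  return stats;
}

// Constructed sample data: one group maintained in ServiceNow, two rows arriving from AD.
const existingGroups = () => [
  { name: 'Service Desk', description: 'Maintained in ServiceNow' },
];
const ldapRows = [
  { name: 'Service Desk', description: 'Overwritten from AD' },
  { name: 'Network Ops', description: 'New in AD' },
];

function scenario(map) {
  const target = existingGroups(); // fresh copy per scenario
  const stats = runTransform(target, ldapRows, map);
  return { stats, target };
}

// 1) Coalesce on name: the existing group is matched and overwritten.
const coalesceOn = scenario({ active: true, coalesce: ['name'] });
// 2) Coalesce off: nothing matches, so AD rows land as new (duplicate) groups.
const coalesceOff = scenario({ active: true, coalesce: [] });
// 3) Coalesce on, onBefore hook skips updates: new groups still insert.
const skipUpdates = scenario({
  active: true,
  coalesce: ['name'],
  onBefore: ctx => { if (ctx.action === 'update') ctx.ignore = true; },
});
// 4) Map deactivated: no group changes of any kind.
const mapInactive = scenario({ active: false, coalesce: ['name'] });

console.log({ coalesceOn, coalesceOff, skipUpdates, mapInactive });
```

In this model, turning coalesce off does not stop the sync: the AD rows arrive as duplicate groups, while skipping updates or deactivating the map leaves the existing record untouched.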