LDAP Sync - Group memberships not completely populating

Guy Cooke · ‎05-15-2020

Hello,

I am experiencing a problem whereby a set of Active Directory groups sync to ServiceNow via LDAP, but the memberships only partially carry through.

What I mean by partially carry through is that some of the memberships appear on some groups, some carry through completely, and some get no memberships at all. All group managers have pulled through, but where they are also members, they have not. Some of the users missing have roles, and some do not, the same goes for other group memberships in ServiceNow, but none of the other memberships are via LDAP. I can see all of the included and missing users synced via LDAP in the user table.

The group memberships are 100% in order in Active Directory, and all groups are setup in the same way. I am using the out-of-the-box scripts. I have edited the Import Set fields to allow for strings far longer than what is required. I believe that I have all of the required attributes in sync, including "member".

Any assistance with this would be greatly appreciated.

Mike Patel · ‎05-15-2020

go to user that is missing membership in SN and verify source field. If the source is not full then go to ldap_import.list table and make sure length of source field and do same on ldap group table.

Guy Cooke · ‎05-17-2020

Thank you Mike,

I've checked the source fields again, as you suggested, but all appears to be in order.

I've also done comparison against a working user and a non-working, but I couldn't see any flaws. These have also been compared to AD.

I can't see how it would be the field lengths as some of the visible users have longer names/sources than non-working users.

However, I checked the field length to be sure, but I can't see any issues.