When a user in the Source domain has another group set as the Primary Group (not Domain Users group) this membership will not be preserved during the migration or synchronization, as end result the user will be removed from this group and added to Domain Users group.
By design of Windows when a User's Primary Group changes (primaryGroupID) that user's AD attribute "memberOf" no longer contains that Group DN as a value. The design nature of QMM is such that it relies on this attribute which AD has not populated.
Active Directory Users and Computers will show the Source Membership properly; however, the AD attributes are not actually populated.
Refer to Microsoft Knowledge Base Article "Microsoft Entra Connect excludes a user's primary group from its group membership" for more information:
Microsoft Entra Connect excludes a user's primary group from its group membership | Microsoft Learn
WORKAROUND:
Set the Source Users PrimaryGroupId = 513 (this is the primaryGroupToken of Domain Users).
Active Directory Users and Computers will show the Source Membership properly however the AD attributes are not actually populated.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center