While making a rule to check if the user is a member of a specific AD group, I noticed that when retrieveing the ad groups of the AD user using Authentication.UserGroups property, it doesnt show all the groups that are shown when viewing AD "Member Of" tab of the user in AD users and computers. When I perform the Authentication Test in the Settings> Authentication> AD Authentication, not all of the groups the AD user is a member of is shown. Any idea why this is the case?
How many groups are shown assigned to the user within AD? Though, I doubt you should run into a paging issue for MemberOf values.
And do you have a search base specified for what groups you're looking for? Or are you simply trying to return every group a user has?
I have selected both local and global.
For example, in my case, I am a member of 22 groups, but MWG shows only 12 in the Authentication test, even rule tracing shows the same 12 groups.
If it helps, out of the 12, one group I am not directly a member, but the group I belong to is a member so that shows up as me being a member which is ok.
The rule I am trying to create is checking if the user is a member of a group X, but it doesnt show the group in MWG even though it is there in AD
No, they were present in the group for more than 2-3 years, i recently migrated to 18.104.22.168 from 6.9.4. Same for my case.Initally "Get global groups" was only ticked, 6 hours back I enabled "get local groups" also. 15 mins back I tried the authentication test and yet it doesnt show all the groups. Only the same groups I saw earlier.