2 of 2 people found this helpful
I can confirm the solution you describe at the end. We use ITSM and synchronize the Permission Groups/Users from AD.
The idea behind is that we have a mapping Table as AD (of course) doens't contain the Permission Groups names from ITSM.
So we do everything in a quite complex AI Job where we take records from AD (LDAP) and existing users from CTM:People. Then we have to care about the Licenses, Permission Groups, Application Licenses, People Record Status, etc.... At the end the user is created/modified/deprecated from the point of view Permissions/Licenses/Existence in AD in User/CTM:People form. For the Permissions attribute that comes from AD we map Permission Groups of ITSM (custom mapping which we define and can modifiy in a regular form). We don't even use a staging form in this whole AI Job.
For you this all should be much easier as you have only ARS you don't need to care about the Groups mapping and you can create the Groups Names exactly as it comes from AD. Then for the rest it is also much easier to care only for User form as you don't have the CTM:People.
hope it helps a bit
The user need not be an AD only user to validate users membership against AD. You can validate if your user present in AD as well as user form.
Vinayak, could you please share some details on this?
How do you verify a users AD group memberships while the user is an ARS User form user?
Can you please share your exact requirement.