https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145351#M22885 <P>Hmm, I was wondering what is the reason this is off by default on IDC (<SPAN>sk169120</SPAN>)? Does it mean that Checkpoint do no recommend having it ON for IDC?</P> <P>&nbsp;</P> <P><STRONG>Automatic LDAP Group Update -&gt; AD-Query</STRONG><BR /><SPAN>Identity Awareness automatically recognizes changes to LDAP group membership and updates identity information, including Access Roles.</SPAN><BR /><SPAN>Is&nbsp;</SPAN><STRONG>on</STRONG><SPAN>&nbsp;by default.</SPAN><BR /><BR /><STRONG>Automatic LDAP Group Update -&gt; Identity collector<BR /></STRONG><SPAN>Is&nbsp;</SPAN><STRONG>off</STRONG><SPAN>&nbsp;by default.</SPAN></P> Mon, 04 Apr 2022 07:21:37 GMT abihsot__ 2022-04-04T07:21:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145062#M22863 <P>We encountered a problem that Identity Awareness Collector is not synchronizing the information with the AD server.<BR />It does not automatically detect an account from the AD server that is in the LDAP group to the Access Group in the SmartConsole, so users cannot go online even though they are in the access group.<BR />We enabled the #pdp idc groups_update on parameter and updated the user information with the #pdp update specific command , but no result.<BR />For example, I log in to the workstation with my account and when I view #pdp monitor ip I see my user, then another user logs in to the same workstation and when #pdp monitor ip it shows my account and not the account of the new user.<BR />How can we trawl this problem?<BR />Maybe Identity Collector can increase synchronization interval with AD server and set it automatically? Maybe someone has encountered this problem and knows what command to enter to make this automation work. R81 cluster.</P> Wed, 30 Mar 2022 13:27:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145062#M22863 Hllrdm 2022-03-30T13:27:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145263#M22864 <P>Did you also check:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105165" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105165</A>&nbsp;</P> Fri, 01 Apr 2022 16:29:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145263#M22864 PhoneBoy 2022-04-01T16:29:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145351#M22885 <P>Hmm, I was wondering what is the reason this is off by default on IDC (<SPAN>sk169120</SPAN>)? Does it mean that Checkpoint do no recommend having it ON for IDC?</P> <P>&nbsp;</P> <P><STRONG>Automatic LDAP Group Update -&gt; AD-Query</STRONG><BR /><SPAN>Identity Awareness automatically recognizes changes to LDAP group membership and updates identity information, including Access Roles.</SPAN><BR /><SPAN>Is&nbsp;</SPAN><STRONG>on</STRONG><SPAN>&nbsp;by default.</SPAN><BR /><BR /><STRONG>Automatic LDAP Group Update -&gt; Identity collector<BR /></STRONG><SPAN>Is&nbsp;</SPAN><STRONG>off</STRONG><SPAN>&nbsp;by default.</SPAN></P> Mon, 04 Apr 2022 07:21:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145351#M22885 abihsot__ 2022-04-04T07:21:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145372#M22888 <P>Maybe&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;can comment on why this is.</P> Mon, 04 Apr 2022 13:28:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-Collector-does-not-synchronize-with-the-AD/m-p/145372#M22888 PhoneBoy 2022-04-04T13:28:57Z