What is a one sentence summary of your feature request?
Add the ability to sync AD-groups based on their “GUID” instead of the “distinguished name”
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
The renaming of onpremise AD-groups gets currently not recognized by the epp server as it only knows the distinguished name(path) of the corresponding AD-group and not the GUID. The problem is, that the “path” is changing when you rename an AD-group. Then EPP is not recognizing this group with the new name and you have to start a whole process of workarounds to get to the same state with the new groupname.
Am I missing something or is our “workaround” described below really the only solution to manage the renaming of onpremise AD-groups? Maybe it is behaving differently with the Azure AD, but that is currently not an option for us.
Looking forward to your reply.
How do you currently solve the challenges you have by not having this feature?
In order to be able to manage this AD-group with the new name, you have to delete the group with the old name from the AD-sync-job and add the group with the new name to get it synced again. Then you have to give the newly added group(with the new name) under device control the same rights/settings as the old group(with the old name). Once you have done that, you are able to delete the group with the old name from the device control section. If you also have configured this group in the content aware section, you have to start this procedure all over again there.
If the sync of AD-groups would be set up based on the GUID of the groups, you wouldn’t have to do all the things mentioned above. You simply rename the group in de AD, GUID stays the same, sync in EPP stays the same, group name would simply be renamed in EPP and you do not have to edit any policies or settings.