Release date: 16th March 2020
This Orchestrator-centered release fixes a couple of AD integration trouble areas based on your feedback and according to some internal findings.
Beginning with this patch, adding built-in groups which don't have unique SIDs is no longer possible in Orchestrator. See here a list of well-known security identifiers in Windows operating systems. Worry not, if you already added such groups, and want to upgrade to 2019.10.18, the associated users can log in just as before, the change being you can no longer add new groups.
We do, however, recommend either deleting or disabling existing built-in groups, since they might have a negative impact on your security posture.
Previously, having issues with checking AD group membership prevented directory users from authenticating. Starting now, AD users whose inherited access-rights cannot be determined behave like local users, meaning they rely solely on explicitly-set access-rights.
- Windows authentication failed for a user that was member of two domains in a parent-child relationship, if the child domain DNS could not be resolved.
Updated about a month ago