We saw some strange things with our IDM system yesterday and I was
hoping the fine folks here might be able to shed some light on things.
At a very high level our setup looks like this:
AD -> IDVault <-> AuthTree
Currently the AD driver does not write to AD, just reads and syncs to
the IDVault. We have a few groups that flow from AD into IDVault.
Yesterday at approx 12:46pm something happened to all those groups, the
members were removed, but the EquivToMe attr remained. After checking
our AD audit software I do not believe the change originated in AD.
A related item; our AD stopped last night due to the service account in
AD password expiring, but that happened almost 12 hours after the issue
with the groups. Also, we have a dev system connected to the same AD
that was not affected.
Unfortunately most of my logs have rolled over, and I don't have the AD
driver trace, but I do have the edir<->edir trace.
Any thoughts on what would cause this behavior?