Issue Description

User reportss the VDC auto-create a new user group with new number xxxx_0 and xxxxx_1 and move all AD users to the new group.

Error/Warning Information

Handling Process

1. Check VDC operation logs within one week, did not found user manually create the group.
   

2. Confirm with the user, they only do changes on the AD user group which is modifying the authentication method from LDAP to Radius.
   

3. Check the LDAP import method is selecting "Import OUs from LDAP server" every hours.

4. As per confirmation, for the first time VDC synchronizing LDAP OUs group to VDC, VDC will create a new AD group and it will tag with "AD attribute" by default. So, every time when AD doing sync periodically will check if the AD groups exist, VDC will not create a new group.

   For the current situation, when the user does edit/modifying the AD group
   (Ex: Authentication method), the group will become "Local attribute" not "AD attribute" anymore. Therefore, when AD doing a periodic synchronization, it will detect there is a local group, so it will auto-create a new AD group like xxxxxx_0, xxxxxx_1 with "AD attribute"and import all the AD users to the new group.

5. For the alternative way, we suggest user to do modification on selecting "ALL" user but not doing changes on AD user group.
   

Solution

LDAP synchronization logic problem, suggest do not modify AD user group.