Summary


A customer has said that a user is in a group in AD but this isn't in 365.



Cause


The user may not be in the group on prem, confirm in a team viewer session.


The user maybe in the group in the CS but not meta DB, if so see below.


The user maybe in the group in meta DB but not FIM, if so see below.


The user may not be in 365, it has to be in 365 to be in the group.



Solution


First check the group in FIM, is the member there and is it flowing to 365? Once confirmed in FIM confirm in the 365 portal too.


YryiuAaC8upsSzcZl2yNyCXNNArQFGAyIQ.png



If it's not in FIM first start with the CS, is it there?


You can use these commands, below is an example, replace all values with what ever you need them to be (in bold):


** This finds the details of the group **


select [MetaDB-SV_ID],* from [dbo].[a6cc9138-51df-41d9-93d2-11ffdf25874f_Objects] where samaccountname = 'Mathematics Department'


** This finds the member of the group, the stringval us the Object GUID of the user **


select * from [a6cc9138-51df-41d9-93d2-11ffdf25874f_objectsmV] where [iacguid] = '51BA8165-890D-4547-8F7E-40D6CA051EC0' and attribute = 'member' and stringval = '288FD8FB-EC67-4EFE-9456-2AFEBA1E9E90'


** This find the details and object GUID of the user **


select [MetaDB-SV_ID],objectguid,* from [dbo].[a6cc9138-51df-41d9-93d2-11ffdf25874f_Objects] where samaccountname = 'mathspuzzle'



kffeurLuyl-stDIWXNlO1fh8KiU4aJ29DA.png


If the user is in the group in the CS but not in meta DB the update last mod on the group and run an engine sync for the customer -


update [dbo].[d86c78a4-e99f-46ad-b3f3-10d7d6393438_Objects] set iaclastmod = getutcdate() where mail = 'jvanmeter@brookhill.org'


Then check meta DB using the same principal:


** This finds the details of the group **


 Select mail, [MetaDB-SV_ID],samaccountname, * from [dbo].[MetaDB-SV] where samaccountname = 'Mathematics Department'


** This finds the member of the group, the stringval us the Object GUID of the user **


 select * from [MetaDb-MV] where [metaDB-sv_id] = 10255851 and attribute = 'member' and stringval = '288FD8FB-EC67-4EFE-9456-2AFEBA1E9E90'


** This find the details and object GUID of the user **


 Select mail, [MetaDB-SV_ID],objectguid,samaccountname, * from [dbo].[MetaDB-SV] where samaccountname = 'mathspuzzle'



XClDGd7d6UQ8J8kUS-KrEsP3Gtyhrbs9mw.png



You can see from this example screenshot above that the user isn't in the group in meta DB, however if it was and its not in FIM update last mod on the group and run an engine sync -


date [MetaDB-SV] set iaclastmod=getutcdate() where mail = 'TeachingStaff@corsham.wilts.sch.uk'


Once the sync is done search the connector space on the meta DB MA on FIM1 and search for the metaDB  GUID of the group,  do a preview and it should populate your users:


47fit1S04o-G3zSdsvn3kM-PhK2-ZcnSwA.png