Tobias

+1, we need the feature to delete passwordstate folders + lists and remove AD security groups. Doing this manually is time-consuming and human errors might occur more easily.

Hi support-team, to reproduce the issue please try the following: 1. open the active directory users and computers and select the OU you wish to restrict the access to 2. right click on the OU and select properties... -> Security 3. open the "Advanced" menu 4. add the privileged user account (principal), set Type to "deny" and Applies to "this object and all descendant objects" Then you should be able to reproduce this issue. Best regards Tobias PS/FYI: we move disabled user accounts to a OU with restricted access before we delete them because some applications simply ignore the "disabled" status in the AD. By moving them to a OU where other "privileged accounts" have no read-access we have a workaround for those applications.

The problem is that I got no warning that some process or syncing groups was failing and it took a lot of time to find out the root cause. If you expect that customers will want to know about this, I'd recommend a specific and more visible error message that the synchronization fails because of this. Not even the error console shows this error if the sync fails in background. This error however may be worth a notification 🙂 Best regards Tobias

Hi support-team, it is indeed some kind of a permission problem. I added the privileged account to the domain admin group and in worked just fine. I've created a workaround by adding the required permissions to the OU to the privileged user. This is a new issue, however. All applications I know interpret users they cannot read as non-existent, so this might still be worth investing on your side. The whole synchronization process crashes for any group where members are present to which the privileged user has no read-permission. For the purpose of synchronizing groups I'd say that those users can simply be ignored which I suppose was the case before one of the latest builds. I cannot say exacly when the synchronization started failing because we only noticed it last friday. I can only say that this issue exists in build 9381 and 9400. Thank you and best regards Tobias

Hello, we're using the build Versions 9400 (test) and 9381 (live). There still seems to be an issue with the AD Group synchronizsation in both builds. When one user is moved to a different OU, the sync for the group fails. When starting the sync manually I'm redirect to the default "An Error Has Occurred" - Site. The Error Console shows the following information: The AD Group debug function in the Security Groups menu also ends ends in an error. Moving deactivated users to a different OU is a standard process in our company, so we cannot simply move users to their original OU. Is this issue already being invested or any workaround available? Thank you very much and best regards Tobias