I have a LinuxUnix driver that controls both user accounts and group
memberships. I've implemented Entitlements for Group memberships.
(IDM 402) So when a "Group" entitlement is granted it adds the user to
the /etc/groups on the Linux Server. If the "Group" entitlement is
Revoked, the user is removed from the group on the connected system.

Here is the scenario: I have a user with the LinuxOrUnix entitlement
granted (which Provides the User account to be Created). In addition
that user also has 5 "Group" entitlements that grants access to various

If I revoke the LinuxOrUser entitlement (but leave the group
entitlements untouched) It has the desired effect of deleting the User
account from the Connected System along with deleting the user from the
group memberships on the connected system.

However, when I re-grant the LinuxOrUnix entitlement again. (The user
paid their bill) The group entitlements do not get re-processed. And
the user is provisioned to the Connected system with no groups.

How would I go about getting the driver to query back during an add and
re-granting/re-provisioning the group entitlements that the user is
already associated with within the Vault?

(I did find a workaround by revoking the granting the group membership

markgard's Profile: https://forums.netiq.com/member.php?userid=347
View this thread: https://forums.netiq.com/showthread.php?t=47588