Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Security and Group Users - Issue

Avatar

Level 4
Level 4
9/24/25 11:24:56 PM

Hi,

 

We have many security/groups created under PR and PN node, and we have added many users into those groups manually under both nodes. This is under use from many years, and also currently we are utilizing this for adding/removing people, but from past week we are facing a issue. We created a new group and checked same thing occurred.

 

Issue description: The users are getting removed from the PN instance frequently. The created group is present but the users are getting vanished. This is creating a huge impact.

But its working as expected on PR instance.

 

So, please help regarding this.

 

Thanks,

Shreyas.

 

 

Views

62

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Employee
Employee
9/25/25 12:24:34 AM

Hi @Shreyas_tm.,

Can you please confirm if this is related to AEM Forms on JEE or AEM Forms on OSGI. This information will help us to answer your question appropriately.

 

Thanks

Pranay

Views

52

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
9/25/25 2:12:27 AM
In response to Pranay_M

Its AEM Forms on JEE, but does it have impact. Because we are add the users to groups through the inbuilt feature of AEM forms.

 

Thanks,

Shreyas

Views

43

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
9/25/25 5:14:44 AM
In response to Shreyas_tm

Hi @Shreyas_tm,

 

Thank you so much for sharing the information.

 

Thank you for reporting the issue regarding users being automatically removed from groups on the PN instance in your AEM Forms JEE environment. We have analyzed the behavior, and here are our initial findings and next steps:

Observations

  • The issue is specific to the PN instance. Groups are created successfully, but the user memberships are getting removed automatically after some time.

  • On the PR instance, group memberships remain intact and function as expected.

  • The same behavior occurs for newly created groups, indicating this is not limited to older configurations.

Possible Causes

Based on how User Management works in AEM Forms JEE:

  1. Directory/LDAP Synchronization – If directory synchronization is enabled, the PN instance may be running a scheduled sync job that overwrites or removes manual group memberships. There is a configuration setting in User Management to “Preserve local group membership”; if this is disabled, manual changes may be lost.

  2. Cluster Behavior – In a clustered JEE deployment, user/group data is stored in the common User Management database. If PN is not fully synchronized with the shared DB or has an inconsistent configuration, it can refresh its local cache and appear to “drop” memberships.

  3. Configuration Differences – There may be configuration mismatches between PR and PN in adminui > Settings > User Management > Configuration > Directory Management, which can lead to different sync or cleanup policies.

Recommended Next Steps

  1. Verify Directory Sync Configuration

    • Please confirm whether LDAP/Directory sync is enabled on PN.

    • In AdminUI > Settings > User Management > Configuration > Directory Management, check if the option Preserve local group membership is enabled.

  2. Review Logs on PN

    • Check um.log and server.log on PN around the time the users are removed for entries related to Directory Sync or membership removal.

  3. Check Database Consistency

    • Since User Management is backed by the database, we should verify that the group membership entries exist in the EDCPRINCIPALENTITY and related UM tables after adding users on PR. This will help confirm if memberships are actually being removed from the database or only from PN’s local view.

  4. Ensure Consistent Configuration Across PR and PN

    • Export the User Management configuration XML from AdminUI on both PR and PN and compare them. Both nodes must share identical configurations to ensure consistent behavior.

Interim Workaround

  • Until this is resolved, please make all group membership changes from the PR instance. This ensures that changes are committed correctly to the shared UM database.

  • If LDAP sync is not required on PN, consider disabling any scheduled Directory Sync jobs there to prevent overwriting of local memberships.

We recommend performing the above checks, and once we have the logs and configuration details, we can provide you with more specific guidance.

 

Thanks

Pranay

Views

26

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Administrator
Administrator
9/25/25 2:06:43 AM

@Shreyas_tm Checking in—were you able to solve this? If you came up with a solution yourself, sharing it would help others facing the same problem. Also, marking a helpful reply as accepted makes it easier for future readers. Thanks for contributing!



Kautuk Sahni

Views

46

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
What is the difference between Core Components, Foundation Components, and Edge Delivery Service Components? Solved

Views

363

Like

1

Replies

1
adobe-aem-forms-jee-hotfix2-6.5.23.0-linux-jboss causing issue with Solved

Views

1.0K

Likes

0

Replies

12
adobe-aem-forms-jee-hotfix-6.5.23.0-win-jboss.zip patch issues Solved

Views

732

Likes

0

Replies

2
How to integrate Data dictionary and FDM? Solved

Views

401

Likes

0

Replies

4
AEM-Forms reference theme issue Solved

Views

305

Likes

0

Replies

2