KNOWN ISSUE: AD Import no longer imports users into roles when OU contains '/' character
Last Updated June 14, 2012
When attempting to import users who are apart of an AD Security Group, which has the '/' character in the name e.g. Groups/Users, users who are members of the security group are not imported into the SMP 7.1 SP2 despite the Security Role being created. This was not an issue in SMP 7.1 SP1.
Steps to Reproduce the Issue:
1) Create a Security Group in AD which contains the '/' character e.g. Groups/Users and add a couple of users as members to the Security Group 2) On the SMP Server Navigate to Actions -> Discover -> Import Microsoft Active Directory 3) Configure the 'Import Role and Account' rule to import the Security Group you created in Step 1 4) Run a Full Import 5) Now navigate to Settings -> Security -> Account Management and select Roles 6) Locate and select the Security Group you create in Step 1 (The name of the newly created group should be Domain\Groups_Users - This is normal and also occurs in SMP 7.1 SP1) 7) You will now see that there are no members added to the Security Group.
If you implement the above steps in SMP 7.1 SP1 then the users who were assigned to the Security Group as per Step 1 will be populated in the Members list
No error is seen, however no imported users are added to the custom Security Role.
The way in which the Active Directory Connector in SMP 7.1 SP2 searches group members was changed from the way this was accomplished in SMP 7.1 SP1.
This issue has been reported to Symantec Development team. This issue is currently scheduled to be resolved in next major Symantec Management Platform release (SMP 7.5).
A fix has been added to the SMP 7.1 SP2 Rollup v4 (See HOWTO64413)
In the interim it is recommended that any Security Groups that you are intending to import from AD should not contain the '/' character.
Symantec Management Platform 7.1 SP2
ID: 2677568, 2687977
Imported Document ID: TECH180929
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe