In a hierarchy filters created by importing AD security groups are not populated on child servers
Last Updated July 07, 2017
* A 1x4 hierarchy has been established.
* The parent SMP is importing AD Security Groups. Filters related to each security group are created/updated during the import.
* The filters are eventually replicated down to the child servers, but the filters never have any members populating them.
Symantec Management Platform 7.6, 8.0
The filters pull their membership from the table Inv_Security_Groups, which is only populated on the parent because the parent is the only server importing them.
Since the data for these filters does not naturally replicate down a replication rule must be configured to send the data down to the respective servers.
1. On the parent create a filter that identifies all computers whose source or owner is a specific child. In this example, where there is a 1x4 there will be four filters created. Each filter will identify the computers owned by a specific server.
For example the first filter would be named something like "Computers owned by SMP_Child_A"
The following SQL could be used to identify those computers (and adjusted for the other filters)
from vRM_Computer_Item c
join ItemNSSource ns on ns.ItemGuid = c.Guid
join OriginNSSourceNS osns on osns.Id = ns.OriginNSSourceNSId
join vSource vs on vs.Guid= osns.SourceNSGuid
where vs.Name ='SMP-T2.Gamegrid.local'-- Name of the child SMP FQDN
2. In the console go to "Settings > Notification Server > Hierarchy > Replication > Resources"
Right click on the “Resources” folder and select “”
3. Give the rule the following attributes
Name of the rule “Replicate Security Group info to SMP_Child_A”
Select the “Resource Targets” radio button to enable it, then click on the link to the right and search for the filter for that server e.g “Computers owned by SMP_Child_A” and add it to the box on the right.“OK”
Click on the link to the right of “Data Classes”. The list will probably be blank.In the “Group” pulldown menu select “Directory Connector” then add “Security Groups” into the box on the right.“OK”
Click on the link next to the “Destination” tag and select the destination server, which will be the server whose members are in the previously selected filter.
The credentials can usually be left as the default. Otherwise specify those needed to replicate to the destination.
Set the desired schedule. This may be a daily event, or multiple times per day.
Enable the rule so that it will run at the desired time(s). “Save Changes”.
4. Repeat for each child in the hierarchy that needs the Security Groups data class information.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe