KNOWN ISSUE: All members between cross domains are not imported when using the Role and Account import rule within AD Import

Article:TECH188173  |  Created: 2012-05-07  |  Updated: 2012-08-30  |  Article URL http://www.symantec.com/docs/TECH188173
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



AD ‘Import Role and Account’ rule ignores members of importing group (AD users and groups):
a. Located in others (independent) trusted Domains
b. Located in other Parent/Child Domains

To reproduce the issue:

1. Have an Active Directory forest with at least 2 Active Directory Domains (e.g. DomainA, DomainB)

2. Create a User ID in DomainA named User1

3. Create a UserID in DomainB named User2

4. Create a AD Security group in DomainA named SMPAdmins, and make it a universal group.

5. Add DomainA\User1 and DomainB\User2 into the AD group DomainA\SMPAdmins

6. On the SMP, configure the Role and Account to import from DomainA, from SMPAdmins group.  Run the rule.

7. It will create the associated role (DomainA\SMPAdmins) along with the user (DomainA\User1) however it will not create DomainB\User2.

 


Environment



Symantec Management Platform 7.1 SP2
SMP 7.1 SP2 Rollup v2, v3, v4


Cause



Known Issue.


Solution



This issue has been reported to the Symantec Development team. A permanent fix will be provided in the next major release , in this case ITMS 7.1 SP2 MP1 and ITMS 7.5.


Supplemental Materials

SourceETrack
Value2723889, 2731783, 2717965



Article URL http://www.symantec.com/docs/TECH188173


Terms of use for this information are found in Legal Notices