KNOWN ISSUE: All members between cross domains are not imported when using the Role and Account import rule within AD Import
|Article:TECH188173|||||Created: 2012-05-07|||||Updated: 2012-08-30|||||Article URL http://www.symantec.com/docs/TECH188173|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
AD ‘Import Role and Account’ rule ignores members of importing group (AD users and groups):
a. Located in others (independent) trusted Domains
b. Located in other Parent/Child Domains
To reproduce the issue:
1. Have an Active Directory forest with at least 2 Active Directory Domains (e.g. DomainA, DomainB)
2. Create a User ID in DomainA named User1
3. Create a UserID in DomainB named User2
4. Create a AD Security group in DomainA named SMPAdmins, and make it a universal group.
5. Add DomainA\User1 and DomainB\User2 into the AD group DomainA\SMPAdmins
6. On the SMP, configure the Role and Account to import from DomainA, from SMPAdmins group. Run the rule.
7. It will create the associated role (DomainA\SMPAdmins) along with the user (DomainA\User1) however it will not create DomainB\User2.
Symantec Management Platform 7.1 SP2
SMP 7.1 SP2 Rollup v2, v3, v4
This issue has been reported to the Symantec Development team. A permanent fix will be provided in the next major release , in this case ITMS 7.1 SP2 MP1 and ITMS 7.5.
|Value||2723889, 2731783, 2717965|
Article URL http://www.symantec.com/docs/TECH188173