Active Directory Group import in Service Desk 7
Updated: 25 Aug 2010 | 8 comments
Hello,
I have a Service Desk 7 up and running.
I connected it to the Active Directory of my company AFTER the installation.
I need to import a whole Global Group of Technicians in the Service Desk database, but I encounter the following issues:
- the groups I import are empty
- there is no way to add a whole AD group to a Service Desk Group
Has somenone an idea to help me go further in this integration?
Thank you very much
David
discussion Filed Under:
Comments
Make sure you add the group
Make sure you add the group youre importing in the list where imported AD users are added too. By default all AD users only go to the "All Users" group.
Rob Hilberding Sr. Consultant ExpressAbility www.expressability.com
Same Issue
David - I have the same problem that you do. My AD users import fine and are placed into the "All Users" group provided by the application. When I browse my user list and look into any AD group they are empty. I have even modified the application settings to relate the internal group to the AD group hoping that it would work anyway...no success.
Hi Chris, Thank you for your
Hi Chris,
Thank you for your answer. Actually, during the night, ONE group has been completed on the server. I think there is a relationship with the Account that performs the synchronization. Typically, admin@logicbase does not have any right on the AD.
I test that and keep you informed.
David
Any update on this?
Any update on this? Mine seems to only import some of the newer AD groups. Some users and groups are synchronized and some are not.
It might be an issue with
It might be an issue with usernames that are to long. Create a short username that belongs to a group that hasent been synced with it's members and see if that makes any difference.
For those who are still
For those who are still looking for a solution to this. I just got off the phone with technical support and supposedly this is a known issue. There is a maintenance release that will be coming out by the middle of this month to fix the issue.
Escape characters in AD object full names
Yes, there is a maintenance release coming out this month that dramatically improves the performance and usability of the active directory integration in ServiceDesk. The problem being discussed on this thread is likely caused by a system of badness, but the key issue here is likely that some user objects in the AD have commas in the full names, or some other character that must be escaped. This is obviously not uncommon, but the ServiceDesk AD sync cannot handle this case. Specifically, group membership synchronization involves parsing the canonical name of each member object found for a group. This parse is failing because it is not expecting escape characters, thus the membership data is not syncing.
This has been fixed in the upcoming release.
The second part of your question is trickier. Even with the new release, there is no way to map AD groups onto native ServiceDesk ones outside of the post-install setup wizard, which should not be run but once, immediately following instlal. This is just something we missed and need to add a UI for in the portal. Likely this will be a general tool in the portal to clone the permissions of one group onto another. Look for this is in a service pack later this year. For now, one could workaround this by writing some sql.
Stu Perkins
Still having problems with MR1 installed
I just install MR1 and still have the same problem. The AD groups are imported properly, but no users are imported from those groups. Any ideas?
Would you like to reply?
Login or Register to post your comment.