Video Screencast Help

How to import specific users from AD into Altiris Console?

Created: 28 Nov 2012 | 6 comments

How do i import specific users into the Altiris Console? I know how to drill down to an AD group containing the users, but I don't want to add all the accounts in the group.

Comments 6 CommentsJump to latest comment

andykn101's picture

I think you'd need to write an LDAP query and specify the Users individually in the query.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

shafiq1's picture

No matter how I write the queries, the accounts don't import. For instance, i've tried:

(sn=rob*) ' to return all last names begining with rob

(&(objectClass=user)(|(sn=rob*)(sn=job*))) 'to return all users with last name beginning with rob or job.

 

My import rule is setup like:

Import User resources from domain starting from User Groups, Users and using the default column mappings and these resource associations. Import some users on the specified schedules.

I'm querying 2008 Microsoft AD

andykn101's picture

One I've seen working is:

(!(ou=Leavers,dc=Fabrikam,dc=local))

Try with something simple like that to make sure you've got no access or similar errors and edit from there, I've replaced the customers domain name with Fabrikam.

Watch the log while the import runs for errors.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

shafiq1's picture

 I ran my rule again, but this time watching the log viewer as you suggested. the rule completed and actually says the resources were imported. I was expecting my rule to import 6 resources and the log stated that 6 were exported from AD and the same number imported into NS.

So it appears my query works, but why don't I see the accounts? My assumption is that after the import completes that I should be able to go to Settings>Security>Account Management>Accounts and see the imported accounts. This is what I have been checking after running the rule, but the accounts don't appear.

I did notice this bit in the final log record associated with the import rule:

Source: DirectoryImporter::DefaultEndExportHandler

Description: ************** Directory Import Id Import User resources from domain starting from domain, SystemUsers and using the default column mappings and these resource associations. Import some users on the specified schedules. (guid) has completed creating items and NS messages for data loading. Note: not all exported resources will appear in the NS console until the NS has completed loading all the data from the exported NS messages.

 

 

Since i've been running the rule for over a day now, the records should've shown up by now. I've checked the nscap for queued NSEs and what not, but the folder is empty. Any ideas on what else to check for or do differently.

 

andykn101's picture

I'd still try a different simple query and see if that works.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

cnpalmer75's picture

I would try and add those 6 users to an AD group and import that single AD group. That would tell you if it's an issue with importing specific users.

Benjamin Palmer
Specialist | Client Design
Director | Symantec CT User Group

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solu