cancel
Showing results for 
Search instead for 
Did you mean: 
Mindcrime
Level 9

Importing users using SAM account/User logon names...

Jump to solution

Just got 6.01 installed, started setting up my groups and throwing some users into said groups to begin my testing. I'm seeing some weird things and I'm not really sure what to do from here.

Two problems:

1) When I register our domain controller in the registered servers section and test the connection, no problem - everything works great. If I try and modify any of the fields in the AD/Synch server task it says it can't communicate with the LDAP server - I have no idea why and neither did support. This is the screen I get if I click the ... button:

LDAP.JPG

So it wouldn't let us use the drop down interface, so we simply typed in "samaccountname" under the "Display Name" field, since that's apparently what it was generating the user accounts as. The tech told me to re-run the synch task and it should be good to go, but it's totally not.

ADsynch.JPG


The most frustrating part of this is that the users in ePO show up like they should - with their logon names, like USER1 instead of Jones, Tom - which is what I have to currently type in to get by SafeBoot. Am I missing something here? I'm beyond frustrated and I'm hoping someone else has done this before and has had success getting this to work.

0 Kudos
1 Solution

Accepted Solutions
jsiergiej
Level 9

Re: Importing users using SAM account/User logon names...

Jump to solution

you should use samaccountname for the User Name field in order to type tjones instead of Jones, Tom.

0 Kudos
7 Replies
jsiergiej
Level 9

Re: Importing users using SAM account/User logon names...

Jump to solution

you should use samaccountname for the User Name field in order to type tjones instead of Jones, Tom.

0 Kudos
SCtbe
Level 12

Re: Importing users using SAM account/User logon names...

Jump to solution

And you should use "samaccountname" in both fields - User Name and Display Name in order to allow SSO work correctly (with "Must match user name" option checked).

To get rid of error on first screen you should use "Administrator" named domain administrator user account.

0 Kudos
jsiergiej
Level 9

Re: Importing users using SAM account/User logon names...

Jump to solution

Where is the "Must match username option?"   I was always told you only needed the User Name field set to samaccountname.  If there documentation for setting the display name and why both should be set to samaccountname?

0 Kudos
Mindcrime
Level 9

Re: Importing users using SAM account/User logon names...

Jump to solution

SCtbe wrote:

And you should use "samaccountname" in both fields - User Name and Display Name in order to allow SSO work correctly (with "Must match user name" option checked).

To get rid of error on first screen you should use "Administrator" named domain administrator user account.

What do you mean by I should use "Administrator named domain administrator user account"? I'm not exactly sure what you're saying here - the account I'm using in the server registration is a domain administrator account and it tests successfully. The only time I see that error is when I click on the button in the EEPC section.

0 Kudos
jsiergiej
Level 9

Re: Importing users using SAM account/User logon names...

Jump to solution

Nevermind, I found the "Must match username" option. So why do you need to have samaccountname in the Display Name field again?  Why isn't samaccountname in the User Name field sufficient?  My SSO has been working fine this way.

In regards to the username used for registered servers, from what I've read, you don't even need to use a domain administrator account in the registered server section. I am using a regular user level account and it works fine.

Message was edited by: Jack Siergiej on 6/21/10 10:09:26 AM CDT
0 Kudos
SCtbe
Level 12

Re: Importing users using SAM account/User logon names...

Jump to solution

To see list with attributes, user have to be "Administrator", not john, frank, etc. but Administrator, but this have no impact to proper task execution only to the ability to see list of attributes.

Jack, but when you use something different attribute than "samaccountname" in "Display Name" then actually you will see this attribute when you run EE: Users query, this looks like EE users are stored under this name.

I know that Display Name should have only display meaning, but I'm afraid it's not.

This has something to do with KB68096 issue, but my test shows that this is more than "cosmetic" issue.

My test shows that when User Name is not the same as Display name then SSO with "Must match user name" option set do not work.

0 Kudos
peter_eepc
Level 15

Re: Importing users using SAM account/User logon names...

Jump to solution

Plus, many GUI operations and queries are simply confusing if those two fields do not match.

0 Kudos