I went through the quick setup guide that is provided within this area, and I have everything set up. I have 2 LDAP Servers
defined within the Registered Servers, and ran the test connection and they report back that they can successfully talk to
the Domain Controllers. When I attempt to run an EE LDAP User/Group Sync, it tells me it completes without any issues,
but when I look in the Encryption Users List, there are no users defined at all. Did I skip a step? What level of AD rights
are needed on the account that is doing the sync? Currently I have Domain Users and that is it for rights, as I would prefer
to keep it as low as possible. I am working with ePO 4.5 Patch 3 and EEPC 6.0 Patch 1. This is running on a Windows 2008
R2 box with all the latest updates, using a SQL 2008 R2 Express.
How are you adding users to the machines? Do you have Add Local Domain users enabled or are you just manually assigning users to machines?
I haven't even gotten to that phase, I am still trying to populate my Encryption User List to even get to the
point where I can start assigning users to machines.
As far as I know, it does not work that way. If you go to Menu > Data Protection > Encryption Users, select a machine from your tree, and then select Add Users, it will let you search your LDAP server for the users you want to add. If you want to add a whole group or OU of users to a system tree branch, you can do it the same way by highlighting the system tree branch and then selecting the Group Users tab and assigning the correct users or group of users by selecting it from your LDAP server.
That may be the case. I'm working on getting 6.0 set up and am sort of a rookie at it compared to 5.0, which is where a lot of
our machines are; we are trying to get everything moved over to 6.0. If that is the case of how you select users to be
assigned, on my Encryption Users Tab I don't see users or machines, and the OU Structure of AD isn't even present
yet, which I know should appear. Just puzzled why the LDAP Test passes and then the Sync doesn't work. I assume
I have to be missing something along the way.
Correct, I defined one for each domain, as we have quite a few. I tried using 3268 and using a Global Catalog but found
out that wasn't liked, so defaulted back to 389 and then it shows the Test Connection as a Pass, but never functions.
I figured since it passes that the credentials have enough permissions to do what they need, as it looks to only pull a
copy of the overall AD structure.
From Release Notes:
Domain users group does not appear in Encryption Users list (Encryption Users | Actions | Endpoint Encryption | View Users), however the expected users from the group appear in EE users query (Menu | Reporting | Queries | Shared Groups | Endpoint Encryption, then click Run in EE: Users).
So try to run that report.
Use this option to register a Windows Active Directory. You must have a registered AD to use Policy Assignment Rules, to enable dynamically assigned permission sets, and to enable automatic user account creation.
You can create many tasks that run at scheduled intervals to manage the ePO server and Endpoint software.