cancel
Showing results for 
Search instead for 
Did you mean: 
jsiergiej
Level 9

Not all group users can sign in to PBA

I added my Domain Admins group to the Group Users tab for My Organization.  There are 7 users in my Domain Admins group and only 5 of them  show up in the EE: Users query. 2 admin accounts are missing.

I have 3 laptops here and 2 admin users can't log into either, nor are  they in the MfeEpe.log.  One of the laptops, my own admin account can  log in because I assigned it directly to the laptop, but on the other  laptops I cannot and I am not in the MfeEpe.log on those machines.

I have set EE/LDAP task to sync with SAMACCOUNTNAME for username. This  works fine for users assigned to the computer and some of the domain  admins in the group.  The problem is three of the seven admins in the group just aren't downloaded to the computers.

0 Kudos
6 Replies
peter_eepc
Level 15

Re: Not all group users can sign in to PBA

And which EEPC version do you use? 6.0.0, 6.0.1 or 6.1.0?

Did you try to remove EEPC group from your PC, sync, then re-add it and sync again?

Message was edited by: peter_eepc on 6/21/10 10:01:33 AM EDT
0 Kudos
jsiergiej
Level 9

Re: Not all group users can sign in to PBA

I am using 6.1, but I had the same issue in 6.0 and 6.0.1.  Thought that 6.1 would fix it.

I did try removing the group from Group Users, waking up the agents on the laptops, re-synching, re-adding the group and waking up the agents again.  Still, the same 3 users can't sign in to the laptops.   I get Unknown user.

I can only get them to sign in if I explicity assign them to the computer, but I can't add my admins to every single computer.  That would be an administrative nightmare.

Message was edited by: Jack Siergiej on 6/21/10 9:09:26 AM CDT
0 Kudos
SCtbe
Level 12

Re: Not all group users can sign in to PBA

Try two things:

1. Add required users (not groups) in Group Users tab.or try to use different group, for ex. create dedicated group EEPC_Admins end assign required users to it, and this group assign in Group Users section

if 1 fail, try

2. Use different Administrator account for Registered Server - from my test, it seems that "Administrator" account is the best one, even if you have second account with the same permission set (just one of untold stories).

0 Kudos
jsiergiej
Level 9

Re: Not all group users can sign in to PBA

Tried assigning the users directly into Group Users and woke up the agents on the computers.  I did a send and collect props, etc and rebooted.  Still no dice for these 3 users.

0 Kudos
jsiergiej
Level 9

Re: Not all group users can sign in to PBA

Issue resolved...

The admin users that were not showing up in EE: Users query had their primary AD  group set the Domain Admins and not Domain Users.

If I switched their Primary Group to Domain Users and ran my EE / LDAP  synch task, they showed up in EE:Users.

Should the primary group setting be a factor here?

0 Kudos
SCtbe
Level 12

Re: Not all group users can sign in to PBA

Probably it have something to do with way ePO crawl AD, but it's one of McAfee mysteries.

0 Kudos