What does the connector log tell you?
I'm not on that end of the setup; it's done higher up by a different group. But they have had us making all kinds of changes, but the users never make it into the group...
They need to look at the connector logs then - that will tell them why the users are being ignored.
Thanks, I will forward your comments.
I am working with ol MustangMike on this too. Here is what is happening.
Everything was working as it should be up until we upgraded them to 5.1.8.
Since then, it is moving the users that are supposed to go to their MEE Help Desk group to the NO MAPPINGS group we have set up in the Object Directory.
These users are being mapped to a specific Security Group in AD.
There are 9 users who are members of this security group, and every time the connector runs it moves these 9 folks to the NO MAPPINGS group because it says that no mapping exists.
If we create a brand new user in AD and tie them to the same security group and then run the AD Connector, it moves the 9 originals to NO MAPPINGS and puts the new AD user in the proper MEE Help Desk group.
So I know there is no issue with the syntax of the mappings or any of the settings, otherwise all members of this security group would behave the same. I am thinking this is something weird in AD that is going on. I have looked at the sync logs and it doesn't say that it is ignoring the users; it says that they are being moved, with no indication as to why. I know why: the AD connector is not recognizing that these folks are actually members of the Security Group. But why is it moving the one new guy to the proper place?
Any suggestions? Anyone had anything similar?
I am fresh out of options at this point.
We had seen similar behavior before the upgrade with security groups that, for whatever reason, would fail to get those users into the proper Endpoint groups. We had one case where we had the same users in two security groups that both were being seen by the Endpoint Connector. One group was added one week, pulling those folks into the unintended group in Endpoint. A couple of weeks later, the "intended" security group was added, but accounts are only allowed to exist once, so Endpoint was ignoring the second security group's contents (as it should).
Once we found that we had by mistake pointed users twice in Endpoint, we removed those users from the first security group, leaving only the intended users in the 1st security group. Well, after many syncs, Endpoint failed to allow those users to be mapped to the intended security group.
What did we do? We deleted the intended security group, created a new one in AD, pointed Endpoint to it, and that worked. However, this is not the case with our current issue that we are discussing now.