6 Replies Latest reply on Jul 29, 2009 3:51 PM by rbashir

    AutoDomain User Issue

      So, we are using the ADconnector to populate the users, we are also using the Autodomain script to assign the user to the machine. Now here is what is happening.

      First, we have set the options for creating the UserInOU, the user does get assigned to the machine after the script runs, but now we have two instances of the same user, one resides in the domain tree that we populated used the ADconnector and another user automatically created in the Defaut Administrators Group, after the script runs.

      Secondly, the user name also changes from Lname.Fname@domain.com from
      just Lname.Fname when it becomes the member of the Administrator group. with the UserInOU option set sould'nt the user be created automatically in their respective OU?

      I also understand that if using the AutoDomain, using ADConnector is not a good option. My major concern is that why user is not being created in their respective OU via Autodomain script ?

      Thanks
      RB
        • 1. RE: AutoDomain User Issue
          what did the log say? It will show you the flow as it goes through creating the user.

          if you want to use UPN's you need to turn that on in the script, otherwise it will assume you want to use SAM account names.
          • 2. RE: AutoDomain User Issue


            That's fine, but the issue why it is not creating the user in their respetive OU, rather than putting the new users in the Administrators group of McAfee Endpoint?
            • 3. RE: AutoDomain User Issue
              the log will tell you that as well - maybe it could not create the group for example, or maybe you didnt set a template group, or maybe you didnt even set createusersinou = true, or maybe the user name could not be found in the AD (it does a samaccountname lookup)?
              • 4. RE: AutoDomain User Issue

                Here is the log file, the user part


                7/29/2009 13:53:12.52 PM: Skipping adding the following users for you because they are either already allocated, or on a blacklist your administrator has set: |Administrator|,|LocalService|,|All Users|,|Default User|,|NetworkService|,|Guest|,|systemprofile|,|emanager|

                7/29/2009 13:53:12.52 PM: Processing Current User "john.doe" from the "DomainName" Domain
                7/29/2009 13:53:12.52 PM: Running sbadmclSetUser... john.doe//IIAHERLAB-EPO/False)...
                7/29/2009 13:53:12.54 PM: Existing Connection
                7/29/2009 13:53:12.59 PM: ....Captured Command Result Code: 0xdb000004
                7/29/2009 13:53:12.59 PM: Tried to sbadmclSetUser called "john.doe" (or group "") but failed because "The name was not found in the database"
                7/29/2009 13:53:12.63 PM: User "john.doe" was not found in the DB.
                7/29/2009 13:53:12.63 PM: Asking the current user to enter their Windows password prior to creating them because askforcurrentpassword=true and createusers=true.
                7/29/2009 13:53:12.66 PM: Running GetPassword
                7/29/2009 13:53:29.34 PM: Running sbadmclCreateUser (john.doe/) Password Length: 10
                7/29/2009 13:53:29.34 PM: Existing Connection
                7/29/2009 13:53:29.85 PM: Created new user "john.doe" in the group ""
                7/29/2009 13:53:29.85 PM: Created user "john.doe" in the group .
                7/29/2009 13:53:29.90 PM: Running sbadmclAddBinding (john.doe/SbAdCon0.username/\53\db\7f\50\d1\f1\5f\49\b3\68\63\0c\fd\6e\53\8d).. .
                7/29/2009 13:53:29.90 PM: Existing Connection
                7/29/2009 13:53:29.94 PM: Set binding for user "john.doe"
                7/29/2009 13:53:29.95 PM: Running sbadmclAddBinding (john.doe/SbAdCon0.username/\53\db\7f\50\d1\f1\5f\49\b3\68\63\0c\fd\6e\53\8d).. .
                7/29/2009 13:53:29.95 PM: Existing Connection
                7/29/2009 13:53:29.00 PM: Set binding for user "john.doe"
                7/29/2009 13:53:29.00 PM: Running sbadmclAddBinding (john.doe/SbAdCon0.val/\53\db\7f\50\d1\f1\5f\49\b3\68\63\0c\fd\6e\53\8d)...
                7/29/2009 13:53:29.00 PM: Existing Connection
                7/29/2009 13:53:30.04 PM: Set binding for user "john.doe"
                7/29/2009 13:53:30.04 PM: Running sbadmclAddBinding (john.doe/SbAdCon0.att/objectGUID)...
                7/29/2009 13:53:30.04 PM: Existing Connection
                7/29/2009 13:53:30.10 PM: Set binding for user "john.doe"
                7/29/2009 13:53:30.10 PM: Setting SSO Details for user "john.doe" because setssooncreate=true
                7/29/2009 13:53:30.10 PM: Running sbadmclSetWindowsCred (john.doe/john.doe/DomainName)...
                7/29/2009 13:53:30.10 PM: Existing Connection
                7/29/2009 13:53:30.16 PM: Set SSO creds for user "john.doe"
                7/29/2009 13:53:30.16 PM: 0x00000000 | The operation completed successfully.
                7/29/2009 13:53:30.16 PM: Asking the user to enter some hidden information fields because numberofqatoask>0
                7/29/2009 13:53:30.18 PM: Running GetQuestionAnswer
                7/29/2009 13:53:46.39 PM: Running sbadmclUpdateUserCFG (john.doe/C:\DOCUME~1\REHAN~1.BAS\LOCALS~1\Temp\radB24F1.tmp)...
                7/29/2009 13:53:46.39 PM: Existing Connection
                7/29/2009 13:53:46.67 PM: 0x00000000 | The operation completed successfully.
                7/29/2009 13:53:46.67 PM: Set User Information Fields
                7/29/2009 13:53:46.68 PM: Running sbadmclSetUser... john.doe//IIAHERLAB-EPO/False)...
                7/29/2009 13:53:46.68 PM: Existing Connection
                7/29/2009 13:53:46.73 PM: ....Captured Command Result Code: 0x00000000
                7/29/2009 13:53:46.73 PM: Set user called "john.doe" (or group "") as a valid user of machine "IIAHERLAB-EPO".
                7/29/2009 13:53:46.73 PM: Skipping adding user to security group as it's not set.
                7/29/2009 13:53:46.74 PM: START: Cached Profile Path: "C:\WINDOWS\system32\config\systemprofile"
                7/29/2009 13:53:46.92 PM: User SID: S-1-5-18
                7/29/2009 13:53:46.92 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:46.92 PM: User from LOCALSYSTEM domain (by virtue of SID).
                7/29/2009 13:53:46.92 PM: Skipped User (Domain not in DefaultGoodDomains list): "systemprofile" from the "LOCALSYSTEM" Domain. Current good domains list is "DomainName.gov"
                7/29/2009 13:53:46.92 PM: FINISH: Cached Profile
                7/29/2009 13:53:46.92 PM: START: Cached Profile Path: "C:\Documents and Settings\LocalService"
                7/29/2009 13:53:47.06 PM: User SID: S-1-5-19
                7/29/2009 13:53:47.06 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:47.06 PM: User from LOCALSYSTEM domain (by virtue of SID).
                7/29/2009 13:53:47.06 PM: Skipped User (Domain not in DefaultGoodDomains list): "LocalService" from the "LOCALSYSTEM" Domain. Current good domains list is "DomainName.gov"
                7/29/2009 13:53:47.06 PM: FINISH: Cached Profile
                7/29/2009 13:53:47.06 PM: START: Cached Profile Path: "C:\Documents and Settings\NetworkService"
                7/29/2009 13:53:47.20 PM: User SID: S-1-5-20
                7/29/2009 13:53:47.20 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:47.20 PM: User from LOCALSYSTEM domain (by virtue of SID).
                7/29/2009 13:53:47.20 PM: Skipped User (Domain not in DefaultGoodDomains list): "NetworkService" from the "LOCALSYSTEM" Domain. Current good domains list is "DomainName.gov"
                7/29/2009 13:53:47.20 PM: FINISH: Cached Profile
                7/29/2009 13:53:47.24 PM: START: Cached Profile Path: "C:\Documents and Settings\Administrator"
                7/29/2009 13:53:47.37 PM: User SID: S-1-5-21-3045908886-1706629639-1682975781-500
                7/29/2009 13:53:47.37 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:47.37 PM: User from LOCAL domain (by virtue of SID).
                7/29/2009 13:53:47.37 PM: Skipped User (Domain not in DefaultGoodDomains list): "Administrator" from the "LOCAL" Domain. Current good domains list is "DomainName.gov"
                7/29/2009 13:53:47.37 PM: FINISH: Cached Profile
                7/29/2009 13:53:47.37 PM: START: Cached Profile Path: "C:\Documents and Settings\john.doe"
                7/29/2009 13:53:47.37 PM: Dotted user name detected (john.doe) - testing for domain name content
                7/29/2009 13:53:47.37 PM: Found 1 domains in defaultgooddomains list which I will test against this user - the complete list is: "DomainName.gov"
                7/29/2009 13:53:47.37 PM: Could not match a domain name, so assuming that "john.doe" is a real user name.
                7/29/2009 13:53:47.50 PM: User SID: S-1-5-21-3834190887-3493736669-3257043768-1110
                7/29/2009 13:53:47.50 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:47.50 PM: Could not determine user domain so setting it to "DomainName"
                7/29/2009 13:53:47.50 PM: Skipped User (Because on Skip List): "john.doe" from the "DomainName" Domain
                7/29/2009 13:53:47.50 PM: FINISH: Cached Profile
                7/29/2009 13:53:47.50 PM: START: Cached Profile Path: "C:\Documents and Settings\eepc"
                7/29/2009 13:53:47.63 PM: User SID: S-1-5-21-3834190887-3493736669-3257043768-1148
                7/29/2009 13:53:47.63 PM: Machine SID: S-1-5-21-3045908886-1706629639-1682975781
                7/29/2009 13:53:47.63 PM: Could not determine user domain so setting it to "DomainName"
                7/29/2009 13:53:47.63 PM: Processing Domain User: eepc from the 'DomainName' Domain
                • 5. RE: AutoDomain User Issue
                  user group names are blank througout. Are you sure that you've set templateusergroup and createusersinOU ?

                  mail me your autodomain.ini file and I'll take a quick look, but you might need to get prof services in to help you out.
                  • 6. RE: AutoDomain User Issue


                    Issue Resolved, I put my domain name in DefaultGoodDomains, as soon as I removed it , it started to work.