7 Replies Latest reply on Jun 21, 2010 11:07 AM by SCtbe

    Importing users using SAM account/User logon names...

      Just got 6.01 installed, started setting up my groups and throwing some users into said groups to begin my testing. I'm seeing some weird things and I'm not really sure what to do from here.

       

      Two problems:

      1) When I register our domain controller in the registered servers section and test the connection, no problem - everything works great. If I try and modify any of the fields in the AD/Synch server task it says it can't communicate with the LDAP server - I have no idea why and neither did support. This is the screen I get if I click the ... button:

      LDAP.JPG

      So it wouldn't let us use the drop down interface, so we simply typed in "samaccountname" under the "Display Name" field, since that's apparently what it was generating the user accounts as. The tech told me to re-run the synch task and it should be good to go, but it's totally not.

       

      ADsynch.JPG

       


      The most frustrating part of this is that the users in ePO show up like they should - with their logon names, like USER1 instead of Jones, Tom - which is what I have to currently type in to get by SafeBoot. Am I missing something here? I'm beyond frustrated and I'm hoping someone else has done this before and has had success getting this to work.

        • 1. Re: Importing users using SAM account/User logon names...

          you should use samaccountname for the User Name field in order to type tjones instead of Jones, Tom.

          • 2. Re: Importing users using SAM account/User logon names...
            SCtbe

            And you should use "samaccountname" in both fields - User Name and Display Name in order to allow SSO work correctly (with "Must match user name" option checked).

             

            To get rid of error on first screen you should use "Administrator" named domain administrator user account.

            1 of 1 people found this helpful
            • 3. Re: Importing users using SAM account/User logon names...

              Where is the "Must match username option?"   I was always told you only needed the User Name field set to samaccountname.  If there documentation for setting the display name and why both should be set to samaccountname?

              • 4. Re: Importing users using SAM account/User logon names...

                SCtbe wrote:

                 

                And you should use "samaccountname" in both fields - User Name and Display Name in order to allow SSO work correctly (with "Must match user name" option checked).

                 

                To get rid of error on first screen you should use "Administrator" named domain administrator user account.

                What do you mean by I should use "Administrator named domain administrator user account"? I'm not exactly sure what you're saying here - the account I'm using in the server registration is a domain administrator account and it tests successfully. The only time I see that error is when I click on the button in the EEPC section.

                • 5. Re: Importing users using SAM account/User logon names...

                  Nevermind, I found the "Must match username" option. So why do you need to have samaccountname in the Display Name field again?  Why isn't samaccountname in the User Name field sufficient?  My SSO has been working fine this way.

                   

                  In regards to the username used for registered servers, from what I've read, you don't even need to use a domain administrator account in the registered server section. I am using a regular user level account and it works fine.

                   

                   

                  Message was edited by: Jack Siergiej on 6/21/10 10:09:26 AM CDT
                  • 6. Re: Importing users using SAM account/User logon names...
                    SCtbe

                    To see list with attributes, user have to be "Administrator", not john, frank, etc. but Administrator, but this have no impact to proper task execution only to the ability to see list of attributes.

                     

                    Jack, but when you use something different attribute than "samaccountname" in "Display Name" then actually you will see this attribute when you run EE: Users query, this looks like EE users are stored under this name.

                    I know that Display Name should have only display meaning, but I'm afraid it's not.

                    This has something to do with KB68096 issue, but my test shows that this is more than "cosmetic" issue.

                     

                    My test shows that when User Name is not the same as Display name then SSO with "Must match user name" option set do not work.

                    • 7. Re: Importing users using SAM account/User logon names...

                      Plus, many GUI operations and queries are simply confusing if those two fields do not match.