6 Replies Latest reply on Jan 18, 2012 5:49 PM by headless

    ePo 4.6.0 - Domain Controller OU not synching in AD Sync

      Hi

       

      I have setup ePO 4.6.0 and initiated AD Synchronisation. All the server OU's show along with the servers except for the Domain Controllers OU.

       

      Has anybody had this happen to them and if so, how is it resolved?

       

      I have read through the epo_460_product_guide but have not found anything that points me in the right direction.

       

      Cheers

       

      Chris

        • 1. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync
          masten

          Could you provide a little more information about both the ePO sync setup and on which OU level you have set up the AD synchronization point. Preferably screenshots of the ePO sync setup page with your domain names and OU names obfuscated

           

          /Magnus

          • 2. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync

            Hi Magnus

             

            Thanks for the reply. Please find below screen-shots of our setup. The DC's are under Root and the Servrs OU is two levels below Root.

             

            WP root.bmp

            WP Sync3.bmp

            WP Sync1.bmp

            WP Sync2.bmp

            Cheers

             

            Chris

            • 3. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync
              masten

              Hi Chris

               

              From the screenshots I can't spot any obvious configuration "errors". To further troubleshoot I would investigate the following:

              1. Search for the DC's and make sure that they not already has been placed in the Lost&Found group (to avoid this tick the box  "Move systems from their current System tree location to the synchronized group")

              2. Check that the account used for the AD sync has the right to read the "Domain Controllers" OU and the system objects in it

              3. Set the sync point on the root level and check the tick the box "Exclude Empty Containers", also make exceptions for other OU's that you don't want to synchronize

              4. Check ePO logs for more clues, firstly the orion.log and EpoApSvr.log

               

              /Magnus

               

              on 1/17/12 10:03:51 AM CET
              • 4. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync

                Hi Magnus

                 

                The user is an Enterprise Admin.

                Couldn't find the orion.log but checked the EpoApSvr.log and all looks fine

                 

                What I have found is the DC's are synching but not to their own named subgroup but to the subgroup I created under My Organisation.

                The attached screenshot shows this; they are all there under System Name.

                 

                They are still manageable ther, just would have liked them under their own subgroup name under AD Servers as are the other OU's.

                 

                Possibly as the Domain Controller OU is the root OU for the child objects it holds, it is not added as a subgroup under AD Servers. I say this because there are two servers under the AD Servers subgroup that are in the root of the Servers OU in AD and no Servers subgroup has been created under AD Servers. Make sense?

                 

                WP Sync4.bmp

                 

                Cheers

                 

                Chris

                • 5. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync
                  masten

                  Yes the sync is working as expected then.

                   

                  One way to solve this is to skip syncing the "Domain Controllers" OU to your "AD Servers" ePO group. Create a new group either under "My Organization" or as a subgroup to the "AD Servers" group and set up the sync to the "Domain Controllers" OU on the newly created group. By doing this you will have your Domain Controllers synced to that group instead of the root of "AD Servers"

                   

                  Ex.

                  - My Organization

                            - AD Servers (ePO AD sync set up to the "Servers" OU)

                            - Domain Controllers (ePO AD sync set up to the "Domain Controllers" OU)

                            - Lost&Found

                   

                  /Magnus

                  • 6. Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync

                    Hi Magnus

                     

                    Spot on with the advice!! 

                     

                    I had kept working at it and finally figured it out late yesterday. I realised the OU I was synching in AD takes the root as the subgroup name in ePo.

                     

                    Thanks for all your help.

                     

                    Now I just have to figure out why I get the following error when trying to install an Agent handler. But I will raise a seeparate call for that.

                     

                    I assume now when iclose this call as Correct Answer I will get the opportunity to award you the max points?

                     

                    Cheers

                     

                    Chris