Users that are members of an Active Directory group are not synced into ServiceDesk
search cancel

Users that are members of an Active Directory group are not synced into ServiceDesk

book

Article ID: 152033

calendar_today

Updated On:

Products

ServiceDesk

Issue/Introduction

When ServiceDesk performs an Active Directory sync, some users are not brought in. These users are members of an Active Directory group that is part of an organizational unit that was specified to be synced.

Cause

ServiceDesk syncs users based on their location in an Active Directory organizational unit, not based on their Active Directory group membership.

A common misconception on how this works is that users that are not in the specified organizational unit  but which are members of an Active Directory group will be synced. This is incorrect as these users are not in the specified organizational unit or domain.

Resolution

This is working as designed. Active Directory (AD) syncs must be planned and configured in such a way that all users to be synced are in the specified organizational units (OU) for the sync.

The following provides an example of how ServiceDesk syncs an OU that contains users and a group.

  • The OU "California" has one user, John Doe, and one security group, "Human Resources".
  • The OU "New York" has one user, Jim Smith.
  • The security group "Human Resources", in the OU "California", includes both users as members.





     

During the ServiceDesk sync, if the OU California is selected to be synced but the OU New York is not, the following will occur:

  • The user John Doe is synced into ServiceDesk. 
  • The security group name Human Resources is synced into ServiceDesk as a new group.
  • John Doe becomes a member of the Human Resources group in ServiceDesk.
  • Jim Smith is not synced because they are not part of the OU California.

Related Resources

Can ServiceDesk restrict what users are synced from an Active Directory organizational unit?
http://www.symantec.com/business/support/index?page=content&id=HOWTO31355

Does ServiceDesk support Active Directory child domains in parent domains?
http://www.symantec.com/business/support/index?page=content&id=HOWTO31333

How to automatically import Active Directory users into specific ServiceDesk group roles
http://www.symantec.com/business/support/index?page=content&id=HOWTO25971

How to add permissions to a custom group
http://www.symantec.com/business/support/index?page=content&id=HOWTO31168

Trying to configure an Active Directory Server in ServiceDesk results in the error "The server is not operational" or the Active Directory sync no longer works
http://www.symantec.com/business/support/index?page=content&id=TECH122106


Attachments

Powered by Wolken Software