search cancel

"Security Groups - Users to machines" filters are not been populated with membership from nested Security Groups.

book

Article ID: 162087

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Customer is importing security groups of users, and is trying to use the ‘user to machine’ filters that are created automatically for them, The group he imports contains other security groups as a nested membership. The users get imported, but do not show up in the ‘User to Machine’ filter that is created respectively for that 'master' Security Group. 

Steps followed as example:
Steps to duplicate:
 
  1.        Create a ‘Security Group’ (aka SG) called ‘StudentLabs’.
  2.        Then another ‘SG’ called ‘Testers’.
  3.        Create 2 Users, ‘Tester1’ and ‘Tester2’, and add them to ‘Testers’ SG.
  4.        Make ‘Testers’ a member of ‘StudentLabs’ SG.
  5.        Then Ran the Users AD Import from a SG source bringing only the ‘StudentLabs’ SG
  6.        The ‘StudentLabs’ SG filter is populated but the ‘StudentLabs’ SG –Users to Machines is not.
  7.        If you look at the ‘StudentLabs’ SG filter, the ‘Testers’ SG filter is automatically added as an Inclusion. 
           But the ‘StudentLabs’ SG –Users to Machines is not.

Cause

Known issue. When the Security Groups filters are created, if those have other Security Groups nested, an Inclusion is added for those nested Security Groups as Filters. The Security Groups - Users to Machines are not doing it.

Resolution

This issue has been fixed. See ITMS 7.6 HF3 (DOC8873)

A workaround is available for those that can't upgrade: it is to add those missing Filters as inclusions.

Note: You could edit the XML for that filter and add the desired Filters (since the AD Import Filters are not editable directly).
Basically add the following into the XML for the desired master Security Group- Users to Machines and import it back:
<include>
  <collection>GUIDforFilter</collection>
  <collection>GUIDforFilter</collection>
</include>