search cancel

In a hierarchy filters created by importing AD security groups are not populated on child servers

book

Article ID: 163634

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

* A 1x4 hierarchy has been established.

* The parent SMP is importing AD Security Groups. Filters related to each security group are created/updated during the import.

* The filters are eventually replicated down to the child servers, but the filters never have any members populating them.

Environment

Symantec Management Platform 7.6, 8.0

Cause

The filters pull their membership from the table Inv_Security_Groups, which is only populated on the parent because the parent is the only server importing them.

 

Resolution

Since the data for these filters does not naturally replicate down a replication rule must be configured to send the data down to the respective servers.

1. On the parent create a filter that identifies all computers whose source or owner is a specific child. In this example, where there is a 1x4 there will be four filters created. Each filter will identify the computers owned by a specific server.

 

For example the first filter would be named something like "Computers owned by SMP_Child_A"

 

The following SQL could be used to identify those computers (and adjusted for the other filters)

 

select c.Guid

from vRM_Computer_Item c

join ItemNSSource ns on ns.ItemGuid = c.Guid

join OriginNSSourceNS osns on osns.Id = ns.OriginNSSourceNSId

join vSource vs on vs.Guid = osns.SourceNSGuid

 

where vs.Name = 'SMP-T2.Gamegrid.local' -- Name of the child SMP FQDN

 

 

2.  In the console go to "Settings > Notification Server > Hierarchy > Replication > Resources"

 Right click on the “Resources” folder and select “”

 

3. Give the rule the following attributes

 Name of the rule “Replicate Security Group info to SMP_Child_A”

 Select the “Resource Targets” radio button to enable it, then click on the link to the right and search for the filter for that server e.g “Computers owned by SMP_Child_A” and add it to the box on the right.“OK”

 Click on the link to the right of “Data Classes”. The list will probably be blank.In the “Group” pulldown menu select “Directory Connector” then add “Security Groups” into the box on the right.“OK”

 Click on the link next to the “Destination” tag and select the destination server, which will be the server whose members are in the previously selected filter.

 The credentials can usually be left as the default. Otherwise specify those needed to replicate to the destination.

 Set the desired schedule. This may be a daily event, or multiple times per day.

 Enable the rule so that it will run at the desired time(s). “Save Changes”.

 

4.  Repeat for each child in the hierarchy that needs the Security Groups data class information.