Orphaned Active Directory Import Items

Article ID: 169695

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Computers imported from Active Directory are not being removed from the Notification Server Database after they have been deleted from Active Directory.

Cause

The Directory Import Rule that initially imported the computers into the Altiris database may have been deleted.  Each computer brought into Altiris via a directory import rule is flagged as IsImported and is associated with the GUID of the rule that imported it.  Once the rule has been deleted, the computer records are effectively orphaned from the Active Directory import.  Creating a new rule to import objects from a given domain will not correct the problem, because the new rule will have a new GUID associated with it.

Resolution

To correct the issue, the computer objects that are flagged IsImported = 1 must be re-associated with the GUID of an import rule associated with the domain where they originated.  Perform the following tasks to re-associate the computer records with the Active Directory import rules.

1) Manually verify that there is a computer import rule defined for each possible source import domain.
2) In SQL Query Analyzer, run the following script:

/* Begin SQL Script */

use Altiris

declare @ruleguid uniqueidentifier
-- A bare "char" is char(1) and would truncate every domain name to its first
-- character; the length of 255 is assumed to be enough for a domain name.
declare @domain nvarchar(255)
-- '%' makes the computer-name filter below match every computer
declare @comp char(1)
set @comp = '%'

declare rmcursor CURSOR for
Select Distinct vComputer.[Domain] from vComputer
open rmcursor

fetch next from rmcursor into @domain
while @@fetch_status = 0
begin

-- Find the import rule whose name contains both this domain and "computer"
select @ruleguid = (Select Item.[GUID]
from Item
where Item.[ClassGuid] = 'B2378265-2779-49E6-998D-8BE620B3D9D9'
and Item.[Name] Like ('%' + @domain + '%')
and Item.[Name] Like '%computer%')

-- Point the imported-item records for this domain's computers at that rule
update inv_import_Rule_imported_items set ImportRuleGuid = @ruleguid
where _ResourceGuid in (select inv_import_Rule_imported_items.[_resourceGuid]
from vComputer, inv_import_Rule_imported_items, Evt_Directory_import_status, Item
where vComputer.[name] LIKE ('%' + @comp + '%')
and item.[Guid] = vComputer.[GUID]
and inv_import_Rule_imported_items.[_resourceGuid] = vComputer.[GUID]
and Evt_Directory_import_status.[_resourceGuid] = vComputer.[GUID]
and vComputer.[Domain] LIKE ('%' + @domain + '%')
and inv_import_Rule_imported_items.[IncludeInImportRule] = 1
and item.[Classguid] = '539626D8-A35A-47EB-8B4A-64D3DA110D01')

-- Do the same for the directory import status records
update Evt_Directory_import_status set ImportRuleGuid = @ruleguid
where _ResourceGuid in (select Evt_Directory_import_status.[_resourceGuid]
from vComputer, inv_import_Rule_imported_items, Evt_Directory_import_status, Item
where vComputer.[name] LIKE ('%' + @comp + '%')
and item.[Guid] = vComputer.[GUID]
and inv_import_Rule_imported_items.[_resourceGuid] = vComputer.[GUID]
and Evt_Directory_import_status.[_resourceGuid] = vComputer.[GUID]
and vComputer.[Domain] LIKE ('%' + @domain + '%')
and inv_import_Rule_imported_items.[IncludeInImportRule] = 1
and inv_import_Rule_imported_items.[ImportRuleGuid] = @ruleguid
and item.[Classguid] = '539626D8-A35A-47EB-8B4A-64D3DA110D01')

-- Advance at the end of the loop so the first domain is not skipped
fetch next from rmcursor into @domain

end
close rmcursor
deallocate rmcursor

/* End SQL Script */

 

This script can be used where one or more domain-based Active Directory computer import rules are defined.

The above script has been seen not to work on SMP7. The query below will assign any orphaned computer resource to the first valid AD import rule. NOTE: This is not as advanced as the above query and does not cover the multi-domain scenario. It will work well in a single-domain scenario, but may not work quite as well in a multiple-domain one.

/* Start SQL Script */

-- Reassign computers to a valid AD rule
declare @GoodImportRuleGuid uniqueidentifier

set @GoodImportRuleGuid = (
 select top 1 [ImportRuleGuid] from Inv_Import_Rule_Imported_Items
 where [ImportRuleGuid] in (select [Guid] from Item)
   and [_ResourceGuid] in (select [Guid] from vComputer)
 )

update Inv_Import_Rule_Imported_Items
set [ImportRuleGuid] = @GoodImportRuleGuid
where [_ResourceGuid] in (select [Guid] from vComputer)
  and [ImportRuleGuid] not in (select [Guid] from Item)

/* End SQL Script */
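
A read-only preview followed by a transaction-wrapped dry run of the SMP7 query above, as an added example that is not part of the original article. It uses only the table and column names that appear in the scripts on this page; that vComputer exposes [Domain] on SMP7 is an assumption.

```sql
-- Added example, not from the original article.
-- Assumes the tables and columns named in the article's scripts.

-- 1) Read-only: orphaned import records per domain and stale rule GUID.
select c.[Domain],
       r.[ImportRuleGuid]                as StaleRuleGuid,
       count(distinct r.[_ResourceGuid]) as OrphanedComputers
from Inv_Import_Rule_Imported_Items r
join vComputer c on c.[Guid] = r.[_ResourceGuid]
where r.[ImportRuleGuid] not in (select [Guid] from Item)
group by c.[Domain], r.[ImportRuleGuid]
order by c.[Domain]

-- 2) The rule the article's query would choose ("first valid AD import rule").
declare @GoodImportRuleGuid uniqueidentifier
set @GoodImportRuleGuid = (
 select top 1 [ImportRuleGuid] from Inv_Import_Rule_Imported_Items
 where [ImportRuleGuid] in (select [Guid] from Item)
   and [_ResourceGuid] in (select [Guid] from vComputer)
 )

if @GoodImportRuleGuid is null
begin
  -- No surviving rule: the update would have nothing valid to assign.
  raiserror('No valid import rule found; create one before reassigning.', 16, 1)
  return
end

-- Show which rule was picked so it can be checked against the intended domain.
select [Guid], [Name] from Item where [Guid] = @GoodImportRuleGuid

-- 3) Dry run: apply the article's update, report the row count, then undo it.
begin transaction

update Inv_Import_Rule_Imported_Items
set [ImportRuleGuid] = @GoodImportRuleGuid
where [_ResourceGuid] in (select [Guid] from vComputer)
  and [ImportRuleGuid] not in (select [Guid] from Item)

select @@rowcount as RowsReassigned

-- Change to "commit transaction" once the count matches step 1.
rollback transaction
```

In a multi-domain environment, the per-domain counts from step 1 show how many computers from other domains would be attached to the single rule chosen in step 2.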


Applies To

NS, AD Connector, ADResynch

One or many Directory Import Rules may be defined.  Typically, in a multi-domain environment there will be one computer import rule per domain when rights are restricted from the forest root domain.