ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AD Import Rule for Role and Account is failing with: No security groups defined and 'ImportAllGroups' is not set.

book

Article ID: 173150

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The customer is trying to bring Roles and Accounts to his SMP. He created an Import  Role and Account resources Rule that points to one of this OUs in AD. However, when he runs the rule, he gets this error:

No security groups defined and 'ImportAllGroups' is not set.

 

Directory import failed.

No security groups defined and 'ImportAllGroups' is not set.
   [Altiris.DirectoryServices.RuleImportException @ Altiris.DirectoryServices]
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String taskid, String importXml, Boolean bUpdateImport)

Exception logged from:
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException(Int32, Int32, Altiris.NS.StatusMessage.LocalizableInterpocessMessage, Exception)
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String, String, Boolean)
   at RuntimeMethodHandle.InvokeMethod(Object, Object[], Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object, Object[], Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(Object, System.Reflection.BindingFlags, System.Reflection.Binder, Object[], System.Globalization.CultureInfo)
   at Altiris.NS.TaskManagement.TaskThread.Execute(Altiris.NS.TaskManagement.TaskManagerServiceArgs, Altiris.NS.ContextManagement.ProgressContext)
   at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<T,TStartArgs>.ExecuteThreadProc(Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object)
   at System.Threading.ThreadHelper.ThreadStart(Object)

User [EPM.local\altiris], Auth [EPM.Local\Altiris], AppDomain [AeXSVC.exe]

-----------------------------------------------------------------------------------------------------
Date: 12/4/2018 2:07:30 PM, Tick Count: 1612182625 (18.15:49:42.6250000), Size: 1.97 KB
Process: AeXSvc (1352), Thread ID: 406, Module: Altiris.DirectoryServices.dll
Priority: 1, Source: Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException

Cause

The message refers that for the Import Role and Account resources AD Rule, it requires that a security Group is selected.

In this example, we have setup a new OU (organizational unit) called "Contractors". As well a sub-OU called "Sales". In the sub-OU "Sales" a new user was created called "Lab Tester".

When we selected the OU for this Import Role and Account resources AD Rule, we selected the "Sales" sub-OU.

However, this OU doesn't contain a security group that has this user as a member. The Import Rule requires a Security Group as part of the OU that is been imported to work properly.

Environment

ITMS 7.6 and later

Resolution

  1. Create a Security Group in the desired OU and make sure these users are part of it.





     
  2. OR use the "Users" OU for this import Role and Account resources AD Import Rule, which should bring any user for all the security groups already present (in this example this user called " Lab Tester" also belongs to the "Domain Users" security group as shown in the previous screenshot)

Attachments