You are trying to bring Roles and Accounts to your SMP Server. You created an "Import Role and Account resources" Rule that points to one of this OUs in AD. However, when you run the rule, you get this error:
No security groups defined and 'ImportAllGroups' is not set.
Directory import failed.
No security groups defined and 'ImportAllGroups' is not set.
[Altiris.DirectoryServices.RuleImportException @ Altiris.DirectoryServices]
at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String taskid, String importXml, Boolean bUpdateImport)
Exception logged from:
at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException(Int32, Int32, Altiris.NS.StatusMessage.LocalizableInterpocessMessage, Exception)
at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String, String, Boolean)
at RuntimeMethodHandle.InvokeMethod(Object, Object[], Signature, Boolean)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object, Object[], Object[])
at System.Reflection.RuntimeMethodInfo.Invoke(Object, System.Reflection.BindingFlags, System.Reflection.Binder, Object[], System.Globalization.CultureInfo)
at Altiris.NS.TaskManagement.TaskThread.Execute(Altiris.NS.TaskManagement.TaskManagerServiceArgs, Altiris.NS.ContextManagement.ProgressContext)
at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<T,TStartArgs>.ExecuteThreadProc(Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object)
at System.Threading.ThreadHelper.ThreadStart(Object)
-----------------------------------------------------------------------------------------------------
Tick Count: 1612182625 (18.15:49:42.6250000), Size: 1.97 KB
Process: AeXSvc (1352), Thread ID: 406, Module: Altiris.DirectoryServices.dll
Priority: 1, Source: Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException
ITMS 7.x, 8.x
The message refers that for the "Import Role and Account resources" AD Rule, it requires that a security Group is selected.
In this example, we have setup a new OU (organizational unit) called "Contractors". As well a sub-OU called "Sales". In the sub-OU "Sales" a new user was created called "Lab Tester" in this fictional EPM.local domain.
When we selected the OU for this Import Role and Account resources AD Rule, we selected the "Sales" sub-OU.
However, this OU doesn't contain a security group that has this user as a member. The Import Rule requires a Security Group as part of the OU that is been imported to work properly.