The customer is trying to bring Roles and Accounts to his SMP. He created an Import  Role and Account resources Rule that points to one of this OUs in AD. However, when he runs the rule, he gets this error:

No security groups defined and 'ImportAllGroups' is not set.

Directory import failed.

No security groups defined and 'ImportAllGroups' is not set.
   [Altiris.DirectoryServices.RuleImportException @ Altiris.DirectoryServices]
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String taskid, String importXml, Boolean bUpdateImport)

Exception logged from:
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException(Int32, Int32, Altiris.NS.StatusMessage.LocalizableInterpocessMessage, Exception)
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String, String, Boolean)
   at RuntimeMethodHandle.InvokeMethod(Object, Object[], Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object, Object[], Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(Object, System.Reflection.BindingFlags, System.Reflection.Binder, Object[], System.Globalization.CultureInfo)
   at Altiris.NS.TaskManagement.TaskThread.Execute(Altiris.NS.TaskManagement.TaskManagerServiceArgs, Altiris.NS.ContextManagement.ProgressContext)
   at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<T,TStartArgs>.ExecuteThreadProc(Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object)
   at System.Threading.ThreadHelper.ThreadStart(Object)

User [EPM.local\altiris], Auth [EPM.Local\Altiris], AppDomain [AeXSVC.exe]

-----------------------------------------------------------------------------------------------------
Date: 12/4/2018 2:07:30 PM, Tick Count: 1612182625 (18.15:49:42.6250000), Size: 1.97 KB
Process: AeXSvc (1352), Thread ID: 406, Module: Altiris.DirectoryServices.dll
Priority: 1, Source: Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.SetException

ITMS 7.6 and later

The message refers that for the Import Role and Account resources AD Rule, it requires that a security Group is selected.

In this example, we have setup a new OU (organizational unit) called "Contractors". As well a sub-OU called "Sales". In the sub-OU "Sales" a new user was created called "Lab Tester".

When we selected the OU for this Import Role and Account resources AD Rule, we selected the "Sales" sub-OU.

However, this OU doesn't contain a security group that has this user as a member. The Import Rule requires a Security Group as part of the OU that is been imported to work properly.

1. Create a Security Group in the desired OU and make sure these users are part of it.
   
   
   
   
   
    
2. OR use the "Users" OU for this import Role and Account resources AD Import Rule, which should bring any user for all the security groups already present (in this example this user called " Lab Tester" also belongs to the "Domain Users" security group as shown in the previous screenshot)