How to replicate AD imported users within the hierarchy

book

Article ID: 179773

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question

The Symantec Management Platform does not provide a User Resource replication rule, so by default, users are not replicated within the hierarchy.

What needs to be done in order to replicated users imported from Active Directory?

Answer
As Filters are only replicated down the hierarchy, it only makes sense to perform the AD import from the parent server, and then configure replication to replicate the AD related filters and users to the child server.

The following process will allow to to achieve this:

1. Go to the Replication page in the console. Settings>Notification Server>Hierarchy> Replication tab. Go to the Resources section>click on the PLUS + to add a new Replication Rule. Click on the Resource Types> Select USER and move it to the selected Items> Click OK.
2. Now Select data classes> Under the Group (dropdown) select User Data and move all three classes to the selected items sections. (Global User Contact Details, Global User General Details, Global Windows Users) Click OK.
3. Now Select under the Group (dropdown) Directory Connector>move both the Security Groups and Global Active Directory Details to the Selected items section and click OK.
4. Under Direction select Down the Hierarchy, Set the schedule, save changes.
5.   If you are already replication all Configuration and Management Items, then you do not need to perform this next step.  Either select the Domain folder or the Security Groups folder within the “Manage Filters > Notification Server Filters > Directory Filters” folder structure.and then right-click Hierarchy > Enable Replication, as this will cause the Domain folder and subfolders to be replicated to the Child servers, which will then have the replication icon associated with them on the Child servers.  You may have to manually update the filter membership to see the users afterwards.

If you do not want to utilise the AD related filters, you can perform the AD import from the child server, and then create a similar rule on the child server, but this time setting its direction to go up the hierarchy, as this will populate the parents normal user filters with the users that exist on the child server.  Step five in the above process will not be required.