
Having a problem in creating a User account to provide access to the Symantec Management Console


Article ID: 226753


Products

IT Management Suite

Issue/Introduction

The customer needs to bring a user account from another domain so that he can assign it to a Security Role in the SMP Console. He created the user under SMP Console > Settings > Security > Account Management > Accounts > Add. The problem is that the console only allows him to enter users from the main domain. When he tries to associate the Windows account with the account that he created, he gets:

"The specified User is invalid"

Trust relationships have been configured between all the domains that are managed on this SMP server.

Cause

It is necessary to bring the account reference from AD.

Environment

ITMS 8.5, 8.6

Resolution

Users imported by a “User” AD Import rule should not be mistaken for accounts that get created in the console manually and associated with a “Windows” user. An imported user and a created user account could theoretically have the same name. The user account in the console will maintain its association to the Windows account unless the user is removed from AD.

A “Role and Account” AD Import rule is needed to import security groups and their membership as roles and accounts into the database. A “Role and Account” rule creates a role for each imported security group and imports the group's members as “Accounts”. These “Accounts” are also included in the role’s membership.

The AD Import process supports creating Role and Account resources based on Groups and Users in Microsoft Active Directory. Role resources are created for each Group imported from AD, and Account and Windows Credential resources are created for each User imported from AD. The group memberships in AD are imported as well.

In order to bring the User account reference from the other domain, you need to import domain groups and users from Active Directory:

  1. In the Symantec Management Console, on the Actions menu, click Discover > Import Microsoft Active Directory.
  2. On the Microsoft Active Directory Import page, in the description that is labeled "Import Role and Account resources from <data source>, from (none). Perform this import on the specified schedule", click the user group (none).
  3. In the Select Security Groups dialog box, search for the domain groups that you want to add; for example, Administrators and Users.
  4. Click Add to add the selected groups, and then click OK.
  5. Run the rule as a full import to import the selected domain group.
  6. In the Symantec Management Console, on the Settings menu, click Security > Account Management > Accounts. You should see the imported accounts from the other domain.
  7. After the account is present, assign the Security role as needed under the "Member of" tab.

Additional Information

181440 "Active Directory Import FAQ"
