If machines or users are manually moved to a different OU in Active Directory, the change is not reflected in the ITMS Console after an AD Import.

book

Article ID: 162662

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Customer reported that computers that get moved in AD, don't have the change reflected in the SMP Console under the respective AD Import filters.
He demonstrated one machine that he had moved in AD and after the import it stopped showing up in any of the AD groups in the console.

Note: this also applies to Users.

Cause

Known issue. Usually the issue is related to hashes getting out of sync for some resources where the proper reference between "ResourceUpdateSummary" and "Inv_OU_Membership" tables is missing. In this type of issue, the affected machines, or users, usually don't have an entry under "Inv_OU_Membership" table.

Resolution

The root cause has been addressed with the ITMS 8.0 release, so those changes should prevent this issue for happening for now on. However, if the issue was previously present, the following steps needs to be followed:

Note: if the issue is related to users, please see the modified queries that applies to users rather than computers.

  1. In order to fix this inconsistency, please run the following query to identify what machines may also have the issue (check if the desired machine is also listed in the results):

    --Identify computers that were imported via AD Import that are not re-imported again due to their hashes
    select * from ResourceUpdateSummary rus
    join vRM_Computer_Item vc on vc.Guid = rus.ResourceGuid
    join (select c.Guid, COUNT(_id) as oucount from vRM_Computer c
    left join Inv_OU_Membership oum on c.Guid = oum._ResourceGuid
    group by c.guid) ou on ou.Guid = rus.ResourceGuid
    where InventoryClassGuid = '7FDC0F4A-6B51-44CB-9287-F69A2CCD2B9E' --Inv_OU_Membership
    and ou.oucount != rus.[RowCount]
     
  2. If the desired machine or machines are listed in the results from query above, please run the scheduled task "NS.Refresh Resource Update Summary.{ec66f590-d151-4dad-a59d-b4bcd181e2ff}” under task scheduler.
  3. Run again the respective AD Import rule (Complete (Full) import is preferred).
  4. Run the Delta Resource Membership Update schedule and check if the missing computers are now present.
  5. If the machine or machines are not present yet, please run the following query to reset and allow the AD Import to recreate the proper associations:

    --Clear out all the incorrect references, so the next AD Import those resources can be updated properly:
    delete rus from ResourceUpdateSummary rus
    join vRM_Computer_Item vc on vc.Guid = rus.ResourceGuid
    join (select c.Guid, COUNT(_id) as oucount from vRM_Computer c
    left join Inv_OU_Membership oum on c.Guid = oum._ResourceGuid
    group by c.guid) ou on ou.Guid = rus.ResourceGuid
    where InventoryClassGuid = '7FDC0F4A-6B51-44CB-9287-F69A2CCD2B9E' --Inv_OU_Membership
    and ou.oucount != rus.[RowCount]
  6. Run again the respective AD Import rule (Complete (Full) import is preferred).

  7. Run the Delta resource membership update schedule and check if the missing computers are now present.

 

If you are still not at ITMS 8.0, please also refer to KB TECH234772 "AD import computers rule: Removing OU from import and adding it back later only adds 30% of computers in corresponding organizational group"

 

 

Queries that applies to users:

--Identify Users that were imported via AD Import that are not re-imported again due to their hashes
select vc.name, * from ResourceUpdateSummary rus
join vRM_User_Item vc on vc.Guid = rus.ResourceGuid
join (select c.Guid, COUNT(_id) as oucount from vRM_user c
left join Inv_OU_Membership oum on c.Guid = oum._ResourceGuid
group by c.guid) ou on ou.Guid = rus.ResourceGuid
where InventoryClassGuid = '7FDC0F4A-6B51-44CB-9287-F69A2CCD2B9E' --Inv_OU_Membership
and ou.oucount != rus.[RowCount]


--Clear out all the incorrect references, so the next AD Import those resources can be updated properly:
delete rus from ResourceUpdateSummary rus
join vRM_User_Item vc on vc.Guid = rus.ResourceGuid
join (select c.Guid, COUNT(_id) as oucount from vRM_user c
left join Inv_OU_Membership oum on c.Guid = oum._ResourceGuid
group by c.guid) ou on ou.Guid = rus.ResourceGuid
where InventoryClassGuid = '7FDC0F4A-6B51-44CB-9287-F69A2CCD2B9E' --Inv_OU_Membership
and ou.oucount != rus.[RowCount]