Unsolved

25 Posts

April 29th, 2019 06:00

Active Directory based groups and updating members

Hey guys,

I'm having some issues with Active Directory based groups in the Dell SMS virtual edition.  I'm running v10.2.2.

Basically, I set up a new Endpoint Group to change some settings.  I only put a few computers in the AD group to test it.  Worked fine.  However, if I add more computers to the AD group, they don't seem to update in the endpoint group.  I've even waited to see if it requires the computer checking in to update it, but that doesn't seem to work either.  I've had some that eventually appeared after messing with it for a bit, but I'm not sure what actually got those computers to appear.  Now I've added about 50 computers to the AD group, but they aren't appearing in the endpoint group.  I know some have checked into the server.

Any ideas?  Also, a pointer in the direction of the correct log would be greatly helpful.

Thanks!

RMills1

Moderator

145 Posts

April 30th, 2019 14:00

Hey RMills1,

It sounds like you're doing everything right.  Troubleshooting this issue via text only can be tricky. When you get a chance, can you give us a call at DDS support 877 459 7304 ext. 4310039 to assist with this?  We'll probably need to Webex to confirm settings, and grab logs from your server and a few problem endpoints.

Thanks!

25 Posts

May 22nd, 2019 07:00

Did you get this sorted out?  I ask because I learned that the AD group support is some type of replication rather than a lookup.  So an AD group created and populated now is not available to add to ESSE immediately.

156 Posts

May 23rd, 2019 05:00

Hi team!

One thing to keep in mind for using Active Directory groups for an Endpoint Group is that the data for the Active Directory group membership is populated within the Dell Security Management Server based on Endpoint Inventory. This is done to prevent accidental recursion if we scraped Active Directory and nested groups are connected.

More information on how we handle Active Directory Endpoint Groups here: https://www.dell.com/support/article/us/en/04/sln306875

25 Posts

June 13th, 2019 14:00

In case someone else stumbles across this thread... the otherwise excellent KB article isn't quite as clear as it could be.  Under the requirements section it states that "...at least one endpoint must be activated..." which stood out to me. But way down in the "How to Add an AD Endpoint Group to Dell Data Protection Server" under step 5 you will see "Only endpoints managed by Dell Data Security products will be visible through the Remote Management Console."

So unless you have the EMAgent installed on the system you cannot see the system in the AD group on the ESSE console.  I overlooked the part in Step 5 so I got stuck.  I logged an incident with Dell and multiple employees were not aware of how this is supposed to work.  I reverse engineered it while testing and a 3rd Dell employee was well versed in how it should work.

 
