We have Business Object XI Enterprise and I recently added a new AD group in the CMC as well as added existing multiple users to additional Active Directory groups in Active Directory. My problem is that if I look at the Groups in the CMC, all the users are listed. It appears to query AD then and there. If I select the User and look at the Groups the user is a member of, only a handful of the Groups are listed. Are changes to Windows AD automatically refreshed in Business Objects? Why does the user level appear different from the group level? Is it possible to a manual sync?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Problem with Active Directory not syncing in Crystal.
- Thread starter tmunson99
- Start date
Hi,
Yes, Business objects will refresh its AD information, but I am not sure of the frequency...
If you go to the Authentication tab ( where you added the AD group to your system) highlight the group and click on Update, it should 'force' a reread....
![[profile]](/data/assets/smilies/profile.gif "[profile] [profile]")
To Paraphrase:"The Help you get is proportional to the Help you give.."
Yes, Business objects will refresh its AD information, but I am not sure of the frequency...
If you go to the Authentication tab ( where you added the AD group to your system) highlight the group and click on Update, it should 'force' a reread....
To Paraphrase:"The Help you get is proportional to the Help you give.."
- Thread starter
- #3
Thanks for the post. I wish it were as simple as that. I've tried that several times and the user's groups just don't update. What I see for "Member Of" on the User does not match at all what Active Directory shows or what CMC shows for each respective Group. I have a test user that I have added to several Groups that are registered in BO XI and that user is listed under the Groups, but when I look at the User object, the Groups that he is a member of reflects what it was like a month ago. None of the current AD Groups are listed.
TheGoldMineGuru
MIS
Just in case, the 'Members Of' will only display the AD groups that were linked. So it only queries Active Directory based on what was explicity added to BOE. So, if a user is a member of 5 AD groups but only 2 were added to BOE, then 'Members Of' will only show those 2 groups.
I'm on BOEXI, not SR2, and that's the behavior I have experienced.
I'm on BOEXI, not SR2, and that's the behavior I have experienced.
- Thread starter
- #6
I have clicked refresh when viewing the 'Member Of' tab and still the same result. The Groups showing for a particular User are quite old and does not reflect at all what AD shows.
TheGoldMineGuru - What do you mean by explicitly adding the Groups. The groups appear under Authentication and I see the Groups under the security for a particular folder or object. I just don't Groups from the User perspective. Groups appears to be refreshing real time with Active Directory but Users are not refreshing.
TheGoldMineGuru - What do you mean by explicitly adding the Groups. The groups appear under Authentication and I see the Groups under the security for a particular folder or object. I just don't Groups from the User perspective. Groups appears to be refreshing real time with Active Directory but Users are not refreshing.
- Thread starter
- #7
Hi,
Sorry, I cannot reproduce that problem..
I added a user to an existing group using our AD admin console..waited 15 Minutes or so:
User was in Group
and
User's Group Memberships
showed the group she was just added to..
My system is:
BOEXI R2 ( clustered in 2 servers) - Oracle database for CMS
To Paraphrase:"The Help you get is proportional to the Help you give.."
Sorry, I cannot reproduce that problem..
I added a user to an existing group using our AD admin console..waited 15 Minutes or so:
User was in Group
and
User's Group Memberships
showed the group she was just added to..
My system is:
BOEXI R2 ( clustered in 2 servers) - Oracle database for CMS
To Paraphrase:"The Help you get is proportional to the Help you give.."
- Thread starter
- #10
Make sure that in the CMC Authentication Page for WinAD you have the following items selected...
New Alias Options
Assign each added AD alias to an account with the same name
Update Options
New aliases will be added and new users will be created
This should ensure that Users and Groups are Imported into the CMS Users and Groups from WinAD when you select UPDATE.
Otherwise, the Users are only added if they try to connect to the CMS using WinAD credentials.
New Alias Options
Assign each added AD alias to an account with the same name
Update Options
New aliases will be added and new users will be created
This should ensure that Users and Groups are Imported into the CMS Users and Groups from WinAD when you select UPDATE.
Otherwise, the Users are only added if they try to connect to the CMS using WinAD credentials.
We have the same problem here. Our AD-Group comprised about 50.000 Users. It takes about 4 days for the BOXI R2 SP1 System to import all Users. Normaly the system updates the AD-Graph every 15 minutes. As you see we had to change this to a manual update. This is a known issue to BO and they have no solution yet.
bleuys -
Is there a BOBJ Knowledge Base article for this known error...?
If so, can you please post the reference number here...?
What USER count does this start to become an issue (it will be a long time until we reach 50,000 users)...?
Thanks for the info.
MJRBIM
Is there a BOBJ Knowledge Base article for this known error...?
If so, can you please post the reference number here...?
What USER count does this start to become an issue (it will be a long time until we reach 50,000 users)...?
Thanks for the info.
MJRBIM
I have found that depending on where your Windows AD Domain groups are located in the Windows Domain tree will impact how quickly your Windows AD Authentication is updated in CE 10.0 SP4. I believe it works same way in BOXI R1 and R2 as well. We have a group of over 10,000 users in a particular Windows AD group and it was taking hours for the AD accounts to be pulled into CE. The Windows Admin moved our AD group to the first level of the Domain tree and now the users are updated in less than one minute.
Example:
Windows AD Domain Tree:
AD--|
|----- Group 1 (1st level in tree)
|----- ----- Group 2 (2nd level in tree)
We found if you try to pull in Group 2, it will take several hours. However, if you try to pull in Group 1, it will take only a minute or two. In the olders version of CE like 8.5 and 9.0, it did not matter how far down the domain tree the AD group was, it would always pull in users within a minute or two. Starting with CE 10.0, they changed how WinAD plugin works and it is designed to work better if you have your Windows AD groups setting at level 1 in the Windows AD group tree. Putting groups at lower levels can dramatically impact performance of the update in the Windows AD authentication tab of the CMC...
Example:
Windows AD Domain Tree:
AD--|
|----- Group 1 (1st level in tree)
|----- ----- Group 2 (2nd level in tree)
We found if you try to pull in Group 2, it will take several hours. However, if you try to pull in Group 1, it will take only a minute or two. In the olders version of CE like 8.5 and 9.0, it did not matter how far down the domain tree the AD group was, it would always pull in users within a minute or two. Starting with CE 10.0, they changed how WinAD plugin works and it is designed to work better if you have your Windows AD groups setting at level 1 in the Windows AD group tree. Putting groups at lower levels can dramatically impact performance of the update in the Windows AD authentication tab of the CMC...
Hi MJRBIM,
so far I know there is no Knowledge Base Entry about this issue.
We´ve got the Information from Bo that this issue was fixed in BOE XI R2. Poorly, it isn`t so....
@SomeHelp:
Thanks or the Information. At the moment we´re building up a test enviroment. So I will proof it for BOE XI R2.
so far I know there is no Knowledge Base Entry about this issue.
We´ve got the Information from Bo that this issue was fixed in BOE XI R2. Poorly, it isn`t so....
@SomeHelp:
Thanks or the Information. At the moment we´re building up a test enviroment. So I will proof it for BOE XI R2.
- Status
Similar threads
- Locked
- Question