New member of local LANDESK Management Suite group is not being recognized

Version 2

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6



    Reviewed: November 2014

     

    Versions Effected: LDMS 9.0 , 9.5, 9.6 and newer

     

    Problem / Scenario:

    You added an AD group to local LANDESK Management Suite group on the core, but the Role Based Administration tool has indicated that  it has not been added. Other AD groups in this local group have added OK.

    Screen Shot 2014-11-03 at 14.42.02.png

    It states in our manual "The group XYZ must be added to a local LANDesk security group" for the users to appear in the console to be able to have rights allocated to them

     

    You have found that refresh does not work. And logging in and then out again does not work either.

     

    Cause:

    By looking in the logs:

     

    LDMS 9.0 and 9.5

    program files (x86)\landesk\managementsuite\log\createlandeskrights.exe.log

    program files (x86)\landesk\managementsuite\log\resolveusersandgroups.exe.log"

     

    LDMS 9.6
    program files\landesk\managementsuite\log\createlandeskrights.exe.log

    program files\landesk\managementsuite\log\resolveusersandgroups.exe.log"

     

    You can see that there is a specific user who does not exist in the AD anymore is blocking this process. This is usually caused if the 'blocking' user is disabled in the AD or removed

     

    Sometimes the process for importing users also needs to be implemented manually as the database has not been updated with the new user information yet.

     

    Solution:

    Using a elevated command prompt runt he following executables to re-run the process of the the import of the users manually.

     

    LDMS 9.0 and 9.5

    program files (x86)\landesk\managementsuite\createlandeskrights.exe

    program files (x86)\landesk\managementsuite\resolveusersandgroups.exe

     

    LDMS 9.6

    program files\landesk\managementsuite\createlandeskrights.exe

    program files\landesk\managementsuite\resolveusersandgroups.exe

     

     

     

    This should resolve the issue and import the user as needed.

     

    Further Information:

    The executable createlandeskrights.exe is only run during the initial installation of LDMS and when service packages are installed. This process deletes and refreshes the users with the database under the table console user. By running this you are rerunning the whole process of importing users, which in 9/10 cases works every time. If this does not work the log file located here:

     

    LDMS 9.0 and 9.5

    program files (x86)\landesk\managementsuite\log\createlandeskrights.exe.log

     

    LDMS 9.6
    program files\landesk\managementsuite\log\createlandeskrights.exe.log

     

    will contain new lines as to why this is failing

     

    The executable resolveusersandgroups.exe is run on a frequent basis. This application checks the local LANDESK groups and compares the users within the database itself. This then checks if the users exists and if not creates them. If they do then it updates them. If they exists within the database and not the ad group be compared against then they are deleted. This is where a issue may occur as the user may not be deleted if he is associated with a lot of scheduled tasks within the database. This happens on occasion. When this does you will be notified within the log file located here, when the above command is run in the solution:

     

    LDMS 9.0 and 9.5

    program files (x86)\landesk\managementsuite\log\resolveusersandgroups.exe.log"

     

    LDMS 9.6

    program files\landesk\managementsuite\log\resolveusersandgroups.exe.log"

     

    At which point you will have to remove the user from the console, if they do not exist there then you will have to do it manually via the database. A backup is recommended before doing this.