Understand the workflow of the BusinessObjects servers to obtain the list of users from an Active Directory group and have a list of troubleshooting methods to resolve any issues you might find adding groups to your system.
Configuring the account and adding groups
- The Central Management Server (CMS) can only run queries to the AD if it is installed in a Windows Machine
- The CMS queries the AD using the user account indicated in the page CMC > Authentication > Windows AD: AD Administration Name
- The format is DOMAIN\group_name
Workflow of adding Active Directory groups to the CMS database
- The CMS will do is to run a query to the network requesting domain controllers for the domain name indicated in DOMAIN\Group_name.
- Once the domain is found, the CMS will connect to the DC obtained in step 1 and request the list of users
Errors resolving domain name
These two simple steps can generate a long list of errors. The first one is resolving the domain given. The error displayed in the CMC page should be:
The secWinAD plugin failed to look up the account for the group "DOMAIN2\ValidGroupName". Please enter non-local groups as DomainName\GroupName and local groups as \\ServerName\GroupName.
By default, the Windows server uses NetBIOS to resolve domain name. For multiple domains, it is recommended to set the registry value UseFQDNForDirectoryServers as indicated in the KBA 1199995
In order to obtain more details, you should enable traces on the CMS server as indicated in the KBA 1335757 .
This is a due to an operating system error (Windows) not able to resolve domain names. There is nothing in the configuration of BusinessObjects that can change this behaviour. We need to continue troubleshooting network and OS. Despite being outside the scope of BusinessObjects products, here are some useful tools to help you and your network and AD administrators to find a solution
Check what your CMS is requesting
As we have seen, there are only 2 lines in our CMS traces when the domain is not found. Let’s compare with the traces of a system that is working correctly:
In the system that is not working, we can capture the network traffic using a tool such as Microsoft Network Monitor or Wireshark.
Basic tools to resolve names
Microsoft provides several tools to troubleshoot your NetBIOS resolution problems: