Prepare your Environment for Running sms 2003 – Active Directory Part2

April 25, 2007 at 3:02 pm in Sms 2003 by The WMI guy

Are you tired of seeing your Active directory system group and active directory user discovery in error all of the time?


Is your status filled with messages like:


SMS Active Directory System Group Discovery Agent reported errors for X objects. DDR’s were generated for Y objects that had errors while reading non-critical properties. DDR’s were not generated for Z objects that had errors while reading critical properties.


Do you see following message in the adsysgrp.log and adusrdis.log:


Could not get property (memberOf) for system XXXXXXXX or


Could not get property (memberOf) for user XXXXXXXX


Then read on, I’ll explain what is happening and more importantly what you can do about it.


 Explaining the Issue (Logs and status messages)


The status message is telling you that it can’t read a critical property of a user or computer object. It is also telling you that this might be a security or replication issue, or that the property might not be available. All suggestions which you probably verified already. The log files are actually telling you the property that couldn’t be read, it is the memberOf property, which contains the group memberships for users and computers.


This memberof property in active directory contains all groups you are a member of, with the exception of the first group you are a member of. This is because the first group is actually stored in the PrimaryGroupId attribute. The issue you are seeing is because the SMS 2003 discovery methods cannot handle an empty memberof attribute. To be technically accurate they can’t distinguish between an empty or unreadable memberof attribute.


As you might have deducted from the information above, the issue you are seeing is because you have users and/or computers in your discovery scope that are only a member of a single group. The fix is easy enough, just add all users and computers to a dummy group to make sure the memberof attribute is no longer empty. The rest of this article will show you the necessary steps to identify which users and/or computers have an empty member of attribute.


Query Users with Empty Memberof attribute (Requires Active Directory 2003)


Open Active Directory Users & Computers


Open Saved queries


Right-click and select new query


Type in a name for the query


Click Define Query


In the Find list box select Custom Search


Click the Field button, select user  and member of


In the condition list box select Not Present, click Add and Ok twice.


 Query Computers with Empty Memberof attribute (Requires Active Directory 2003)


Open Active Directory Users & Computers


Open Saved queries


Right-click and select new query


Type in a name for the query


Click Define Query


In the Find list box select Custom Search


Click the Advanced tab and type in type in the following query:


(&(&(objectCategory=computer)(!memberOf=*)))


Add Users to a group to avoid discovery issue


Create a group called GG_Sms2003dummyusersgroup  (or another namesthat is in line with your naming convention).


Multi select the users you found in the previous query and add them to the GG_Sms2003dummyusersgroup


Multi select the computers you found in the previous query and add them to the GG_Sms2003dummycomputersgroup


Add Computers to a group to avoid discovery issue


Create a group called GG_Sms2003dummycomputersgroup (or another name that is in line with your naming convention).


In the view menu select Users, Groups and computers as containers


Make sure you open up the + signs so that you can see the group you created in the tree pane.


Go back to the results of your query, multi-select all the results and drag them into the group in the tree pane.


You should see a box stating the Add to group operation was succesfully completed.


 


Enjoy




“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx


 


 

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest