
Does the Cachebuilder search other domains than its current one?

Morten_Meisler Premier Partner Advanced IT Monkey ✭✭✭

I know this has been addressed before, I just want to make sure this is the default behavior and not some configuration / permissions I'm missing.

- I have a Cireson Portal server with SCSM MS installed, and a SCSM WF Server in Domain A

- I have 3 domains in the same forest A,B,C

- I have set up AD connectors for these 3 domains that sync all users and groups from each one.

- Service Account is located in Domain A and is the same for all AD connectors and is the one used for the Cireson Cache Builder and IIS Application pool

- In the Navigation Nodes I have assigned several AD Groups from Domain B.

All these groups have been synced into CMDB and are also synced into the ServiceManagement db group table.

Now every time the cache-builder syncs, it throws this error for each group in Domain B:

2017-12-18 15:34:42,234, ERROR [  13]:  Group not found: cn=groupFromDomainB,ou=SCSMGroups,dc=DomainB,dc=net

(names replaced)

So my question is if this is default behaviour? It seems like the cachebuilder refuses to search in other domains than itself (Domain A). Even though the LDAP path clearly indicates to search in Domain B and there is also a domain column specifying Domain B.

If yes: I think this should be fixed.

If no: What am I doing wrong?

Thanks for the help :)
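
A log triage sketch for the error quoted in the question, added here as an example and not part of the original thread or Cireson's code: it tallies `Group not found` lines by the domain encoded in each DN's `dc=` components, so you can confirm whether every failure falls outside the service account's domain. The home domain `DomainA.net`, the sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Line format taken from the error quoted in the post above.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3},\s+ERROR\s+\[\s*\d+\]:\s+"
    r"Group not found:\s*(?P<dn>.+?)\s*$"
)

# Constructed sample lines (not real log data); the INFO line is invented.
SAMPLE_LOG = [
    "2017-12-18 15:34:42,234, ERROR [  13]:  Group not found: cn=groupFromDomainB,ou=SCSMGroups,dc=DomainB,dc=net",
    "2017-12-18 15:34:42,301, ERROR [  13]:  Group not found: cn=Ops\\, Tier2,ou=SCSMGroups,dc=DomainB,dc=net",
    "2017-12-18 15:34:42,377, ERROR [  13]:  Group not found: cn=groupFromDomainC,ou=SCSMGroups,dc=DomainC,dc=net",
    "2017-12-18 15:34:43,010, INFO  [  13]:  Cache build finished",
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def dn_to_domain(dn):
    """Join the dc= components into a lower-cased DNS domain name."""
    return ".".join(p.split("=", 1)[1].strip()
                    for p in split_dn(dn) if p.lower().startswith("dc=")).lower()

def triage(lines, home_domain):
    """Count 'Group not found' errors per domain and flag foreign-only failures."""
    by_domain = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            by_domain[dn_to_domain(m.group("dn"))] += 1
    home = home_domain.lower()
    return {"by_domain": dict(by_domain),
            "foreign_only": bool(by_domain) and home not in by_domain}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "DomainA.net"))  # DomainA.net is an assumed name
```

If `foreign_only` is true across a full sync, no group in the home domain failed, which is the pattern the question describes.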

Answers

  • Justin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭
    Hey Morten,
    Have you tried nesting your groups? Best practice is to have users in a global group in Domain B; add that Group to a Universal Group in Domain B; add the Universal Group from Domain B to a Local Group in Domain A.
    Hope that helps!
  • Morten_Meisler Premier Partner Advanced IT Monkey ✭✭✭
    edited December 2017
    Thanks Justin. Actually I do know about this workaround, and that's probably going to be the solution. Either that or make some new groups in Domain A. But it is still a workaround, I can't see why the particular method/service in the C# code for the cachebuilder that looks up users does not take domain into account - I mean it's right there to use.

    That's why I'm asking if this was still the case. I believe it's one of those rare cases of: easy effort, high value things - but maybe it's just me :)
