Home Analyst Portal

Does the Cachebuilder search other domains than its current one?

Morten_MeislerMorten_Meisler Premier Partner Advanced IT Monkey ✭✭✭

I know this has been addressed before, I just want to make sure this is the default behavior and not some configuration / permissions I'm missing.

- I have a Cireson Portal server with SCSM MS installed, and a SCSM WF Server in Domain A

 - I have 3 domains in the same forest A,B,C

 - I have setup AD-connectors for these 3 domains that syncs all users and groups from each one.

- Service Account is located in Domain A and is the same for all AD-connectors and is the one used for the Cireson Cache Builder and IIS Application pool

- In the Navigation Nodes I have assigned several AD Groups from Domain B.

All these groups have been synced into CMDB and is also synced into ServiceManagement db group table.

Now every time the cache-builder syncs, it throws this error for each group in Domain B:

2017-12-18 15:34:42,234, ERROR [  13]:  Group not found: cn=groupFromDomainB,ou=SCSMGroups,dc=DomainB,dc=net

(names replaced)

So my question is if this is default behaviour? It seems like the cachebuilder refuses to search in other domains than itself (Domain A). Even though the LDAP path clearly indicates to search in Domain B and there is also a domain column specifying Domain B.

If yes: I think this should be fixed.

If no: What am I doing wrong?

Thanks for the help :)


  • Justin_WorkmanJustin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭
    Hey Morten, 
    Have you tried nesting your groups?  Best practice is have users in a global group in Domain B; Add that Group to Universal Group in Domain B; add Universal Group from Domain B to Local Group in Domain A.  
    Hope that helps!
  • Morten_MeislerMorten_Meisler Premier Partner Advanced IT Monkey ✭✭✭
    edited December 2017
    Thanks Justin. Actually I do know about this workaround, and that's probably going to be the solution. Either that or make some new groups in Domain A. But it is still a workaround, I can't see why the particular method/service in the C# code for the cachebuilder that looks up users does not take domain into account - I mean it's right there to use.

    That's why I'm asking if this was still the case. I believe it's one of those rare cases of: easy effort, high value things - but maybe it's just me :)

Sign In or Register to comment.