Active Directory permissions?!
Jarrod Plevel
this is from the ad user discovery agent:
SMS Active Directory User Discovery Agent reported errors for 1 objects.
DDR's were generated for 1 objects that had errors while reading non-critical
properties. DDR's were not generated for 0 objects that had errors while
reading critical properties.
Possible cause: The SMS Service might not have access to some properties of
this object. The container specified might not have the properties available.
Solution: Please verify the Active Directory schema for properties that are
not replicated or locked. Refer to the discovery logs for more information.
this is from ad system discovery agent:
SMS Active Directory System Discovery Agent reported errors for 8 objects.
DDR's were generated for 0 objects that had errors while reading non-critical
properties. DDR's were not generated for 8 objects that had errors while
reading critical properties.
Possible cause: The SMS Service might not have access to some properties of
this object. The container specified might not have the properties available.
Solution: Please verify the Active Directory schema for properties that are
not replicated or locked. Refer to the discovery logs for more information.
Now I have, and continue to fix permissions on the "systems management"
container under system in active directory by adding the correct server to be
able to change stuff. This seems to work sometimes, but then, i guess when
new users/systems are put in, these errors come up, how can i keep this from
happening again?
dot Oppalfens@googlemail.com Kim Oppalfens <MVP>
management container wich allow you to publish data to ad.
And the necessary permissions to discover new resources in sms.
The issue you are seeing is actually based on some ad internals.
Ad users have two group related properties, primarygroup & memberof.
Now if a user is only member in one group than the memberof attribute is
empty. Sms unfortunately does not distinguish between an empty memberof
attribute and the inability to read the memberof attribute. The net result
is that any users that are only a member of 1 group will throw this error
during a discovery.
The workaround is rather simple just add the user to an additional group
that you create just for this purpose.
Since you only have 1 user in this case I would gamble it to be kbrtgt, but
you would have to enable verbose logging on ad user discovery to get a
definitive list.
--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jarrod Plevel" <Jarrod...@discussions.microsoft.com> wrote in message
news:92FB8864-7A74-4304...@microsoft.com...
Jarrod Plevel
computers in it, because i guess each computer or user needs to be part of at
least 1 group so they do not get errors in sms. So the 8 errors for system
will be resolved in the same manner?
dot Oppalfens@googlemail.com Kim Oppalfens <MVP>
--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jarrod Plevel" <Jarrod...@discussions.microsoft.com> wrote in message
news:B5A5BE6E-4C42-4375...@microsoft.com...
Jarrod Plevel
users i do not have in groups?
dot Oppalfens@googlemail.com Kim Oppalfens <MVP>
hklm\software\microsoft\sms
drill down to components, find the ad components put a value of 1 in
verbose.
--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jarrod Plevel" <Jarrod...@discussions.microsoft.com> wrote in message
news:D33A1395-FCA5-4D15...@microsoft.com...
Jarrod Plevel
directory that do not exist anymore i am still left with one error/warning.
This is it: DsAddressToSiteNames Failed . Error: 1722~
$$<SMS_AD_SYSTEM_DISCOVERY_AGENT><Thu Dec 15 05:00:41.866 2005 Pacific
Standard Time><thread=2432 (0x980)>. What does that mean?
dot Oppalfens@googlemail.com Kim Oppalfens <MVP>
--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jarrod Plevel" <Jarrod...@discussions.microsoft.com> wrote in message
news:A75AEFD2-62A7-4664...@microsoft.com...