Symptom
- While browsing through the CMC > Groups, the list of users appears empty when selecting an AD group. Users lose their membership of groups and cannot login to the system
- In BusinessObjects CMS logs (no tracing enabled, asserts only), the following errors appear:
2011/02/27 11:05:52.814|>>|A| | 6760|1036| |||||||||||||||assert failure: (.\secplugin.cpp:2531). (false : The secWinAD plugin failed to get the name for the account with ID "S-1-5-21-211361085-4038243005-3459511423-xxxxxx". ). |
- As per Microsoft KB, hr=-2147016656 translates as "There is no such object on the server" (Please check the "See also" section for further reference)
- After enabling tracing, CMS logs show some users being part of no groups during AD graph update - highlighted below in bold. At this point it may show the wrong domain as part of the "DC" information:
2011/02/27 14:01:17.528|==| | | 6760|2836| |||||||||||||||WINAD: ADAggregationManager::GetNestedParents() -- Mapped group 'S-1-5-21-211361085-4038243005-3459511423-xxxxxx' not found in graph, possibly an invalid mapped group. |
Read more...
Environment
- Business Objects Enterprise XI 3.1
- AD authentication
Product
Keywords
r3 3.1 everyone group missing member sidhistory migrate domain , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.