AD authentication problem, issue with SIDs

Former Member
0 Kudos

hi Guys,

environment = XIR2 SP2, running on 2 separate servers, in Test and Live.

Created a new AD group, and added it to Mapped AD Member Groups. An error message was returned (which I didn't capture!) which mentioned "duplicates in folders" ??

New AD group is visible in All Groups etc, but authentication is not working.

Tried it again with another test AD group, with same result.

Any attempt to update the Windows AD tab in CMC, gives following error:

Error updating Windows AD authentication properties: Active Directory Authentication failed to verify one or more of the mapped groups. If the problem persists, please delete and re-map into BusinessObjects Enterprise the following group(s): S-1-5-21-381331107-1882379211-181669542-40529; S-1-5-21-381331107-1882379211-181669542-40530

I've looked at these SIDs with psGetSid and they are not AD groups...

I've tried all this in Test and it works fine, just not in Live!

any thoughts/advice gratefully accepted!

Accepted Solutions (0)

Answers (1)

BasicTek
Active Contributor
0 Kudos

There's a cleaner way of doing this, but try using Query Builder:

select * from ci_systemobjects where si_name='secWinAD'

Do not copy that; type it.

When it returns, all the SIDs will be listed, and they correspond to the AD groups mapped in the CMC/auth/windowsAD.

Regards,

Tim

Former Member
0 Kudos

hi Tim,

thanks for the reply.

That query gives me a list of the SIDs that are mapped, and it includes the 2 that XI is reporting a problem with.

(funny thing is, there are 17 SIDs listed, but there are 19 AD Groups listed on the Windows AD tab in CMC?)

Any ideas on how to get rid of the 2 problem SIDs?

I've tried removing them from the list in the Windows AD tab, and updating, but just get that error message...

BasicTek
Active Contributor
0 Kudos

That's not good, can you open a message with support? This could be tricky but I think we can detect the problem groups via test scripts or tracing (if needed).

Regards,

Tim

Former Member
0 Kudos

hi Tim,

I've taken your advice and raised a support message.

Regards.

Former Member
0 Kudos

problem solved....

turns out it was related to 2 old AD groups (that had been deleted), and not the 2 new AD groups I had set up.

BOBJ support provided a script that showed where the problem was.

(I blame the fact that I had just got back from holiday, and was still getting back up to speed!)
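
The root cause reported above (mapped SIDs that belonged to deleted AD groups) can be checked from any domain-joined Windows machine by trying to resolve each SID named in the CMC error. The following is an added example, not the script BOBJ support provided and not part of the original thread; the function names `Get-SidFromText` and `Test-SidResolution` are hypothetical, and the sample input is the error text quoted in the first post.

```powershell
# Added example: find mapped SIDs that no longer resolve to an AD principal.
# Sample input: the error text quoted in the thread. Replace with your own message.
$cmcError = @'
Error updating Windows AD authentication properties: Active Directory Authentication
failed to verify one or more of the mapped groups. If the problem persists, please
delete and re-map into BusinessObjects Enterprise the following group(s):
S-1-5-21-381331107-1882379211-181669542-40529; S-1-5-21-381331107-1882379211-181669542-40530
'@

function Get-SidFromText {
    # Hypothetical helper: extract unique domain SIDs (S-1-5-21-<domain>-<RID>) from text.
    param([Parameter(Mandatory)][string]$Text)
    [regex]::Matches($Text, 'S-1-5-21(?:-\d+){4}') |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique
}

function Test-SidResolution {
    # Hypothetical helper: try to translate each SID to DOMAIN\name.
    param([Parameter(Mandatory)][string[]]$Sid)
    foreach ($s in $Sid) {
        $result = [pscustomobject]@{ Sid = $s; Account = $null; Status = 'Resolved' }
        try {
            $id = New-Object System.Security.Principal.SecurityIdentifier($s)
            $result.Account = $id.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No principal with this SID: typical of a deleted group or user.
            $result.Status = 'NoSuchPrincipal'
        }
        catch {
            # Anything else (malformed SID, domain unreachable) is reported as-is.
            $result.Status = "Error: $($_.Exception.Message)"
        }
        $result
    }
}

Test-SidResolution -Sid (Get-SidFromText -Text $cmcError) | Format-Table -AutoSize
```

A `NoSuchPrincipal` result also occurs for SIDs from a domain the machine cannot reach or does not trust, so run the check under an account that can query the domain the groups were mapped from.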