locked
SCSM not recognize group membership at self service portal RRS feed

  • Question

  • Hi,

    I am using SCSM 2016.

    At self service portal I am using several user roles to filter offerings to end users (finance users, managers, etc). Until now I am using Active Directory users at user roles. There is no problem.

    I've created Active Directory security groups, added users to these groups.

    At SCSM I deleted active directory users from user roles and added active directory groups..............then the users don't get service request at portal. The only message is: No offerings found.

    The questions are:

    Is it possible to use active directory groups at user roles?

    If yes

    How to configure SCSM to use active directory group membership to show offerings to users at self service portal?

    Thanks in advance!


    • Edited by SCCMadmin09 Friday, October 20, 2017 10:25 PM user rol
    Friday, October 20, 2017 10:20 PM

Answers

  • Hi

    You seem to be doing everything correct. You "clone" the end user role and gave it the correct permissions. This works when a user is added, but not an AD group. So the portal side should be fine. And it should work.

    The only thing I can think of is that the groups you have used are not being imported into Service Manager. I would check the following:

    • The AD Connector imports groups
    • And the AD Connector imports the OU with the groups in it
    • Also check to see if the groups are in Service Manager as Config Items (CI's) under Configuration Items\Users - search for the group name 

    Regards

    Glen 


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Sunday, October 22, 2017 4:42 AM
  • Thanks Glen,

    The LDAP query was wrong, it only imports distribution groups.

    Deleted the current  AD connector and created a new one using "All computers, printers, users and user groups" option.

    • Marked as answer by SCCMadmin09 Wednesday, October 25, 2017 2:34 PM
    Wednesday, October 25, 2017 2:33 PM

All replies

  • Hi,

    all of the user roles I have created were cloned from "end users" role.

    Thanks!

    Friday, October 20, 2017 10:38 PM
  • Hi

    You seem to be doing everything correct. You "clone" the end user role and gave it the correct permissions. This works when a user is added, but not an AD group. So the portal side should be fine. And it should work.

    The only thing I can think of is that the groups you have used are not being imported into Service Manager. I would check the following:

    • The AD Connector imports groups
    • And the AD Connector imports the OU with the groups in it
    • Also check to see if the groups are in Service Manager as Config Items (CI's) under Configuration Items\Users - search for the group name 

    Regards

    Glen 


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Sunday, October 22, 2017 4:42 AM
  • Thanks Glen. I will try your suggestions.

    The AD connector is the following:

    Monday, October 23, 2017 2:07 PM
  • Thanks Glen,

    The LDAP query was wrong, it only imports distribution groups.

    Deleted the current  AD connector and created a new one using "All computers, printers, users and user groups" option.

    • Marked as answer by SCCMadmin09 Wednesday, October 25, 2017 2:34 PM
    Wednesday, October 25, 2017 2:33 PM
  • Hi Glen,

    Many thanks for the post.

    I would request how could we validate the AD connector w.r.t the Service manager.

    I couldnt find any built in tool or the configuration relationship between the AD connector and service manager.

    I would appreciate your help here.

    Thanks

    Friday, November 2, 2018 2:13 AM