Hi,

We are on SAP BusinessObjects BI Platform 4.1 Support Pack 5 Patch 3 (Windows 2012 and Tomcat and we use Windows AD Authentication. Recently we started noticing one issue - New users are not mapped into BO from AD. Our Windows AD plugin scheduler runs for every 20 mins. Existing user’s role updates as expected but new users are not added to the system. There are NO errors in the Event logs, Application logs or Tomcat logs. But when we click on manual update on the Windows AD, it fetches the new user. SAP recommendation is to increase the schedule from 20 mins to 8 hours. We still face the issue.
Any help is appreciated.

Thanks

Sree Konduri (BOB member since 2005-07-14)

I agree with SAP’s recommendation… having the update run every 20 minutes is an overkill. One location to look at is the schedule history of the update schedule in Instance manager. Check if the latest instance has run successfully or if it failed.

BOB_DW (BOB member since 2004-08-26)

Thanks for the feedback. Yes, we did change the schedule to 8 hours but we still experience the issue. We don’t have many users in the system though.

Where we do check the schedule history? I know, in the older versions (3x), it was stored in Administrative tools. I don’t see that folder any more.

Thanks

Sree Konduri (BOB member since 2005-07-14)

You can see the schedule history in Instance Manager. Look for owner as “Administrator”.

BOB_DW (BOB member since 2004-08-26)

We are on 4.2 SP6 patch 4 and we sometimes see a similar problem. In our case we may have multiple new users and 1 or 2 may not get mapped into BO. When this happens we will manually run it and they will get mapped. Ours is scheduled to run every 2 hours. I also discovered if we run the AD update immediately after entering a new user into the AD group the user will not get mapped. The Infrastructure group says it is probably because the update to the AD group has not replicated through all the domain servers and could take a few minutes.

richardcottave (BOB member since 2006-03-30)

That (AD Sync) is the case for us 9 out of 10 times as we have 4 AD servers across different data centers.

BOB_DW (BOB member since 2004-08-26)

We have 4 Domain Controllers and it takes approximately 15 mins to replicated across all. But in BO, it doesn’t reflect even after 2 days.
We have checked in all the DC’s to make sure, the account exists there.

As soon as it updated manually, it reflects in BO.

Thanks

Sree Konduri (BOB member since 2005-07-14)

That proves out that there aren’t any issues on the AD side of things.

On BO do you have the schedule for both Group Memberships as well as User Aliases?

Also have you had a chance to look at the instance manager and does it all say “Success” for all of the recent schedules?

BOB_DW (BOB member since 2004-08-26)

Thanks for the reply.
From BO perspective, nothing changed and it has worked for 5 years.
We have only AD Group alias update is scheduled. my understanding is that, it will refresh members of the groups that added to the CMC. And it worked for us several years.

Please correct me if i’m wrong.

Thanks

Sree Konduri (BOB member since 2005-07-14)

As a good practices I always have both of those scheduled.

What is the status of your “last scheduled update” for Windows AD. Did you check instance and see if there was a successful instance?

Also do check “1346587 - Schedule User’s AD Alias Updates is not updating AD users”.

BOB_DW (BOB member since 2004-08-26)

Thanks for the article. But it doesn’t apply here. All services are included in the AJS and AJS is enabled and running without any issues.
I also, enabled User Alias schedule. But after that also, user is not showing in th e CMC.

I do not see any Windows AD schedules in the programs or Instance Manager.

Thanks

Sree Konduri (BOB member since 2005-07-14)