orangoutang Absent Member.

eDirectory to Active Directory Migration Causing ZEN Issues

Hi All,

We are currently in the process of migrating from eDirectory to Active Directory (Please don't judge me, the decision was out of my hands!). We plan, however, to stick with ZCM 10. Most of our users are still logging into eDirectory, and we plan to switch everyone over in a month or two once everything is working as it should.

I've added the 2 user sources (both eDirectory and Active Directory) to the ZEN server, and assigned all the policies to both sets of users. The problem is that when I try to login to a workstation with Active Directory credentials, I get a ZEN login box asking me to login to ZEN. Our eDirectory users don't get this as we have a Dynamic Local User policy assigned to the workstations that handle it. Is that the way ZEN with Active Directory is supposed to work, or can we set it up so our users only need to enter their login credentials once? Our users are extremely fussy, and won't be happy about essentially having to login twice.

Any help anyone could provide would be very much appreciated.

Many thanks,
Gareth.
Knowledge Partner

Re: eDirectory to Active Directory Migration Causing ZEN Iss

orangoutang;1951041 wrote:
> Hi All,
>
> We are currently in the process of migrating from eDirectory to Active Directory (Please don't judge me, the decision was out of my hands!). We plan, however, to stick with ZCM 10. Most of our users are still logging into eDirectory, and we plan to switch everyone over in a month or two once everything is working as it should.
>
> I've added the 2 user sources (both eDirectory and Active Directory) to the ZEN server, and assigned all the policies to both sets of users. The problem is that when I try to login to a workstation with Active Directory credentials, I get a ZEN login box asking me to login to ZEN. Our eDirectory users don't get this as we have a Dynamic Local User policy assigned to the workstations that handle it. Is that the way ZEN with Active Directory is supposed to work, or can we set it up so our users only need to enter their login credentials once? Our users are extremely fussy, and won't be happy about essentially having to login twice.
>
> Any help anyone could provide would be very much appreciated.
>
> Many thanks,
> Gareth.

Hi Gareth,

This might have to do with user accounts within eDir and AD being identical?
How have you set up AD users? Have you synced the eDir users using IDM? A little more info on those details would be good.

If you can post more detail I'll try to get an answer as BrainShare is going on at the moment... so experts are at hand 😉

Cheers,
Willem

P.S. We are not judging, good thing you could keep ZCM in-house. That is a very powerful tool no matter the directory you are on 😉
orangoutang Absent Member.

Re: eDirectory to Active Directory Migration Causing ZEN Iss

Hi Willem,

Thanks for the swift response, and for not judging us! We did indeed sync our eDirectory with our new Active Directory using IDM, so both are identical. I did consider the fact that there would be duplicate login names between the 2 user sources, but strangely our eDirectory users don't get the ZCM login box, only the AD users. We have a Dynamic Local User policy applied to the workstations folder in ZEN, which gets applied to the workstations regardless of whether they're connecting to eDir or AD, (although the AD users technically wouldn't need it, I suppose).

Thanks again for your help, it's very much appreciated.

Gareth.
Knowledge Partner

Re: eDirectory to Active Directory Migration Causing ZEN Iss

orangoutang;1951116 wrote:
> Hi Willem,
>
> Thanks for the swift response, and for not judging us! We did indeed sync our eDirectory with our new Active Directory using IDM, so both are identical. I did consider the fact that there would be duplicate login names between the 2 user sources, but strangely our eDirectory users don't get the ZCM login box, only the AD users. We have a Dynamic Local User policy applied to the workstations folder in ZEN, which gets applied to the workstations regardless of whether they're connecting to eDir or AD, (although the AD users technically wouldn't need it, I suppose).
>
> Thanks again for your help, it's very much appreciated.
>
> Gareth.

A quick test to rule things out would be to create a new AD account that's not connected to anything in any way and does not overlap existing user names... if that account logs in as expected you have your answer 😉
orangoutang Absent Member.

Re: eDirectory to Active Directory Migration Causing ZEN Iss

Thanks for the suggestion. I've just tried what you suggested but the problem still persists. A unique user in AD that doesn't exist in eDir still gets presented with the ZEN login box.

Cheers,
Gareth.
nathan_cook Absent Member.

Re: eDirectory to Active Directory Migration Causing ZEN Iss

You tried this. Worked for me when I had to use eDir for a few days as authentication to ZCM.
Micro Focus Expert

Re: eDirectory to Active Directory Migration Causing ZEN Issues

Use this registry setting to define the Default User Source when more
than one exists.

http://www.novell.com/documentation/zcm10/zcm10_system_admin/?page=/documentation/zcm10/zcm10_system_admin/data/bbtsocd.html

For devices migrated to AD, you likely want to set it to the AD User
Source. If users are still being prompted, you may want to verify they
can authenticate via the AD User source. If they can't, you need to
start troubleshooting that.

On 3/22/2010 7:56 AM, orangoutang wrote:
>
> Hi All,
>
> We are currently in the process of migrating from eDirectory to Active
> Directory (Please don't judge me, the decision was out of my hands!). We
> plan, however, to stick with ZCM 10. Most of our users are still logging
> into eDirectory, and we plan to switch everyone over in a month or two
> once everything is working as it should.
>
> I've added the 2 user sources (both eDirectory and Active Directory) to
> the ZEN server, and assigned all the policies to both sets of users. The
> problem is that when I try to login to a workstation with Active
> Directory credentials, I get a ZEN login box asking me to login to ZEN.
> Our eDirectory users don't get this as we have a Dynamic Local User
> policy assigned to the workstations that handle it. Is that the way ZEN
> with Active Directory is supposed to work, or can we set it up so our
> users only need to enter their login credentials once? Our users are
> extremely fussy, and won't be happy about essentially having to login
> twice.
>
> Any help anyone could provide would be very much appreciated.
>
> Many thanks,
> Gareth.
>
>


--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
orangoutang Absent Member.

Re: eDirectory to Active Directory Migration Causing ZEN Iss

Craig_wilson, you're a genius! That worked perfectly for us, thank you very much.

Thanks also to Willem for your time and suggestions.

All the best,
Gareth.
Knowledge Partner

Re: eDirectory to Active Directory Migration Causing ZEN Iss

orangoutang;1951163 wrote:
> Craig_wilson, you're a genius! That worked perfectly for us, thank you very much.

Cool, good thing Craig passed by 😉