4 Replies Latest reply on Sep 19, 2013 2:54 PM by Robert Chase

    Adding AD new users at a remote site

    Jochen Davis

      Hi All,

      ===

      Context:

       

      Version and OS: ePDM 2013-SP3, Win2008 ENT R2.  Clients on Win7

       

      AD:  Single domain, users are listed according to their local goe-site,  ie cn=username, ou=groupname, ou=sitename, dc=company, dc=com.  AD is synched and global catalogue is accessable.  There is a DC at the local site, DNS resolves the domain name to the local DC

       

      We have multiple archives located at remote sites replicating back into the centre.

       

      Remote sites are connected by a relatively large pipes, remote sites typlically have contention under 100ms to the centre.

       

      We are using AD groups to grant access local archives.  Only the local AD group have access to the local archive

      ===

       

      Issue:  At the remote site, when the local PDM admin clicks 'list users' (these would be from the local AD group into which the user has been added)  users are not listed.  However on the central system, this is instant.

       

      If the user is added from the central system, they are login with their AD account details without issues

       

      ==

       

      Tried so far: pointing client PC to central DC and DNS, using different AD users as administrators, configuring a domain admin as a PDM admin users (to see if its a domain security issue), made sure I can query LDAP with any of the AD users to pull the user list, stopped Symantec AV.

       

      Seemly that on way to get it to work is to add PDM users as local users on the local archive server at the remote site - we donot want to go there are we are a large organisation.

       

      Nothing shows in the logs to give an idea of what's going on.

       

      ePDM cleint seems to be wating on something

       

      ==

       

      Has anyone seen this issue or can give any leads?

       

      Thanks,

      Jochen