User account not displayed in the “User Role Assignment” result pane if the user account was not created in the “Users” OU.

Version 3

    Purpose

     

    The purpose of this document is to show how to assign a new user account to a user role IF:

    • The new user account is created in a different OU other than "Users", when unchecking "Quck Search" doesn't display new user account.
    • There are more than 100 users in "Users" and other OUs combined.

     

    Symptoms

     

    When attempting to assign a new user account for a user role, and if you have more than 100 user accounts throughout your organisation units in the active directory, chances are, you won't be able to see the new user account:

    1. if you create it in a different OU other than "Users" OU as depicted in the screenshots below.
    2. When you uncheck the "Quick Search"  box in the "Find User" pop-up

     

    1)I created a new account named “Michael Long” in a different OU called “EDW”. This OU contains all other users. This is a normal domain user account.

       2) On the “Patch for Windows” management console, when clicking on “Manage – User Role assignment – New – Find User”

    Clicking on the “Quick Search” will not display the new user account. This is because the “Quick search” function would only search for accounts within the “Users” OU on the active directory.

     

    3) By right, when unchecking the “Quick search”, it will search for all the user accounts from all OUs on the active directory and display them in the result pane. But at times, you won’t be able to see the new user account listed, as shown below, the new user account “Michael Long” is not within the list. The user accounts are listed with alphabetical order.

     

    Resolution

     

    In this case, please add the new user account manually and create the new role.

    1) Click New
    2) Type in domain\username
    3) Set Role
    4) Click OK.

    New account added

    In the “Patch for Windows Administration” guide, it also states:

    “All configured users must have access to the database. If users without administrative rights on the console machine receive an error when starting Ivanti Patch for Windows Servers, it probably means they don’t have the necessary SQL Server permissions.”

     

    i) Apart from creating the new role based on the new user account, the new user account must exists in the SQL server.

     

    ii) Please also add this new user in the local "Administrators" group on the "Patch for Windows" actual server.

    iii) Last but not least, if you have any multiple active VM sessions for the Shavlik protect server, please close them all, and login using that new account. Or reboot.

     

    Additional Information

     

    According to internal sources, this scenario is an expected behavior. It is a limitation to the API we use to interact with AD to obtain the complete list of users. It is not a defect, and a change request to enhance the search feature in the future was already in place.

     

    Affected Products

     

    Shavlik Patch for Windows 9.x