Problem in adding domain group to local group - Desktop Authority Management Suite (DAMS) - Desktop Authority - Dell Community

Problem in adding domain group to local group

Problem in adding domain group to local group

This question is answered

Hi Guys,

I am using Desktop Authority version 9, I want to add a domain group to local admin group in all computers in a OU. It is working perfectly fine with only one OU and I have deploy this in another OU as well. Can someone tell what can be the problem?

Verified Answer
  • Yes, that means that the element for local account management is located inside of a profile (yellow folder icon) and you must check the validation logic at the profile level.  Select that yellow folder and then check the validation logic settings at the profile level.  You might also have a parent profile to the profile that you created the element in and you must also check the validation logic on that profile. 

    It appears from the message that you have Profile A which is the parent and Profile B which is a child profile of A and an element inside of Profile B.  So, you must ensure that the validation logic on the element, the validation logic on the profile that the element resides in and the parent profile all validate as true.

    The logic is very similar to a network share.  The first level of permissions are the share level permissions and then the second level is the NTFS or security permissions.  Even if a user has full security or NTFS permissions, they must first be able to get through the share level permissions at the top level.

All Replies
  • Check your validation logic.  Are you checking if Computer is in a particular OU?  When your validating for the second OU I think you would use an OR statement because AND would be impossible (computer cannot be in one group AND another at the same time).

  • Actually I copied the same working element for another OU as well. I changed the workstation OU as location to target the computers and rest have to same.

    The operator is selected by default 'IF' in validation rule.

  • I would advise you to first view the computer management trace file which is located in the Windows\Temp\Desktop Authority directory on the target client machine.  You will see the client computer OU membership line in the Active Directory section of that file.  After confirming that the client machine is in fact in that OU, check to see if the element is shown as processing in that file or if there are any error messages. 

  • Thanks for your input.

    I've checked it and found this in log file, so you have any idea what it is? Apart from this there was no error related to user account management.

    XXX - India, Local Account Management CBM 1/1 did not validate. [Parent profile did not validate]

  • Yes, that means that the element for local account management is located inside of a profile (yellow folder icon) and you must check the validation logic at the profile level.  Select that yellow folder and then check the validation logic settings at the profile level.  You might also have a parent profile to the profile that you created the element in and you must also check the validation logic on that profile. 

    It appears from the message that you have Profile A which is the parent and Profile B which is a child profile of A and an element inside of Profile B.  So, you must ensure that the validation logic on the element, the validation logic on the profile that the element resides in and the parent profile all validate as true.

    The logic is very similar to a network share.  The first level of permissions are the share level permissions and then the second level is the NTFS or security permissions.  Even if a user has full security or NTFS permissions, they must first be able to get through the share level permissions at the top level.

  • Thank you so much buddy, I've made the changes from parent (Yellow Folder) and now its working Big Smile

    Just one think is that I can see element is not updated in all computers few computers are still left, what could be the problem with it?