[KBA-00994] Troubleshooting the Active Directory role in Security Center
If you are experiencing problems with the Active Directory role in Security Center, learn about the symptoms, potential causes, and solutions to help you troubleshoot the issue.
Active Directory role not listed
When trying to create the Active Directory role in Config Tool, the role does not show up as an option in the list.
Solution: You need to be logged in with the Admin account to create the Active Directory role. Log in with the Admin account.
Active Directory role offline
The Active Directory role is offline (red) in the entity tree.
Solutions:
- Verify the connection information to the Active Directory server:
- Open the System task, click Roles view, and select the Active Directory role.
- Click the Properties tab.
- Verify the hostname or IP address of the Active Directory server in the Active Directory field.
If the Security Center server that is hosting the Active Directory role cannot reach the Active Directory server, it cannot verify the user credentials.
- Verify user credentials and permissions:
- Open the System task, click Roles view, and select the Active Directory role.
- Click the Properties tab.
- If the Status displays Error: Connection to Active Directory denied. Check service permissions or Server invalid credentials, there is a problem with the credentials being used by the role. Do one of the following:
- If the Use Windows credentials option is selected to specify how the Active Directory role is connected to the AD server, the logon parameters of the Genetec™ Server service are used. Change the user that is running the Genetec™ Server service:
- Open Windows Services.
- Right-click the Genetec™ Server service, and click Properties.
- Click the Log On tab, select This account, and specify the credentials to use.
- If the Use Windows credentials option is not selected to specify how the Active Directory role is connected to the AD server, provide the correct credentials for the account used to contact the Active Directory server.
- Verify that the user the Genetec™ Server service is logging in with has read access to the Active Directory server, is a member of the domain, and has local administrator rights.
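The reachability and service-account checks above can be run from the Security Center server that hosts the Active Directory role. The following PowerShell is an added example, not Genetec tooling: the host name is a placeholder, ports 389 and 636 are assumed as the standard LDAP and LDAPS ports, and matching the service by display name is an assumption.

```powershell
param(
    [string]$AdServer = 'dc01.example.local',  # placeholder: value of the role's Active Directory field
    [int[]]$Ports     = @(389, 636)            # assumption: standard LDAP and LDAPS ports
)

# 1. Can this server resolve and reach the Active Directory server?
foreach ($port in $Ports) {
    $t = Test-NetConnection -ComputerName $AdServer -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check  = "TCP $port to $AdServer"
        Result = if ($t.TcpTestSucceeded) { 'reachable' } else { 'NOT reachable' }
        Detail = "resolved to: $($t.RemoteAddress)"
    }
}

# 2. Which account does the Genetec Server service log on with?
#    Assumption: the service display name matches 'Genetec%Server%'.
$services = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Genetec%Server%'"
if (-not $services) { Write-Warning 'No service matching the assumed display name was found.' }

# 3. Is that account a direct member of the local Administrators group?
#    S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
#    Only direct members are listed; membership through a nested domain group
#    is not resolved, and built-in accounts such as LocalSystem never appear here.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue

foreach ($svc in $services) {
    $account = $svc.StartName
    # Local accounts are stored as .\name; group members are listed as COMPUTERNAME\name.
    $normalized = $account -replace '^\.\\', "$env:COMPUTERNAME\"
    $isAdmin = $admins.Name -contains $normalized
    [pscustomobject]@{
        Check  = "Logon account of '$($svc.DisplayName)'"
        Result = $account
        Detail = "state: $($svc.State); direct member of local Administrators: $isAdmin"
    }
}
```

The script does not test read access to the directory itself; it only narrows the problem to network reachability or to the account the service runs as.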
Active Directory users not listed
The Active Directory users are not listed in the User management task.
Solution:
- Open the System task, click Roles view, and select the Active Directory role.
- Click the Properties tab.
- In the Synchronized groups section, verify that the groups are listed. If the groups are not listed, import the groups.
- Next to the group name, make sure the As user group option is selected to verify that the group has been imported as a user group in Security Center. You can check in the Security task to see if the groups have been imported.
- Next to the group name, check if the Create user on first logon option is selected. If the option is selected, users are not shown in the system until the first time they log on.
If the Active Directory role is still offline, or if you are still experiencing issues with your Active Directory users in Security Center, contact the Genetec™ Technical Assistance Center (GTAC).