Bigfix version 10.0.7.52. We are unable to retrieve the AD groups for a user. Looking in the AD cache for the user, I see the following error. When I access the user information in AD Users and Computers, it seems normal.
2.02xxxxxxx
Failed to get attribute “distinguishedName” : Windows Error 0x80070005: Access is denied.
Domain: XXXXXXXThu, 06 Apr 2023 10:56:40 -0700
No DN available to fetch groups
XXXXXXXX
XML content does not paste in very well.
Are there custom permissions in AD that would prevent “Domain Computers” from reading your user accounts? The BESClient would use the computer account to query AD, which should be a member of “Domain Computers”
The computer’s primary group is domain computers. It appears that the computer properties like Active Directory Organizational Units and Active Directory Path are correct in Bigfix. This seems to be a one off issue. Maybe the computer needs to be removed from the domain and re-added?
I don’t know how, but this problem has resolved itself.