https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223881#M11233 <P>Is there a way to force the sync with AD to occur?<BR />Because it seems like that's the issue here...that a new group was created and it is not available on the appliance.</P> Fri, 16 Aug 2024 18:07:36 GMT PhoneBoy 2024-08-16T18:07:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223705#M11226 <P>Hi there,</P><P>I am currently encountering an AD issue at a client’s site. I would like to know if anyone else has experienced the following:</P><OL><LI>I integrated SMB with AD and added a user account in AD with domain admin and schema admin permissions.</LI><LI>I created a new group in AD.</LI><LI>I added a remote access user in SMB, but the newly created group in AD cannot be found. Interestingly, existing groups can be found.</LI></OL><P>It seems like an AD issue. Are there any additional settings required in AD?</P> Thu, 15 Aug 2024 03:20:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223705#M11226 patrick2 2024-08-15T03:20:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223719#M11227 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/114206">@patrick2</a>&nbsp;</P> <P>To get closer to the issue:</P> <UL> <LI>Do you use Identity Collecor, or how do you connect the SMB to the AD?</LI> </UL> <P>If you want to browse the whole tree in the Access Role object, you can find all ot the groups, except the newly created one?</P> <P>Here:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2024-08-15 09_40_13-Cloud Demo Server [ID_531263718]-R81.20-SmartConsole.png" style="width: 640px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27248i9CDC86859DBF0AA7/image-dimensions/640x375?v=v2" width="640" height="375" role="button" title="2024-08-15 09_40_13-Cloud Demo Server [ID_531263718]-R81.20-SmartConsole.png" alt="2024-08-15 09_40_13-Cloud Demo Server [ID_531263718]-R81.20-SmartConsole.png" /></span></P> <P>&nbsp;</P> <P>Ad Query is not a supported way as earlier was. <A href="https://support.checkpoint.com/results/sk/sk60301" target="_self"><SPAN>Check Point recommends to use Identity Collector as the Identity Source instead of AD Query</SPAN></A></P> <P>There is an sk:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk106133" target="_blank">https://support.checkpoint.com/results/sk/sk106133</A>&nbsp;maybe it can help to start the investigation way.</P> <P>&nbsp;</P> <P>Akos</P> Thu, 15 Aug 2024 07:50:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223719#M11227 AkosBakos 2024-08-15T07:50:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223784#M11228 <P>What firmware version?<BR />Sounds like a caching issue.&nbsp;<BR />This may require a TAC case.</P> Thu, 15 Aug 2024 17:27:59 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223784#M11228 PhoneBoy 2024-08-15T17:27:59Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223820#M11229 <P>Hi,</P> <P>Do you use centrally or locally managed SMB?</P> <P>Please note that, by default, AD groups are automatically synced every 24 hours.</P> <P>Thanks,&nbsp; &nbsp;</P> <P>&nbsp; &nbsp;Dafna</P> <P>&nbsp;</P> Fri, 16 Aug 2024 05:13:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223820#M11229 Dafna 2024-08-16T05:13:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223821#M11230 <P>Hi&nbsp;<SPAN>Akos</SPAN></P><P>1.I use Active Directory Queries in SMB to integrate AD and do not use the Identity Collector function.</P><P>2.Yes, I can find all the groups except for the newly created ones.</P> Fri, 16 Aug 2024 05:14:07 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223821#M11230 patrick2 2024-08-16T05:14:07Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223822#M11231 <P>Hi PhoneBoy</P><P><SPAN>R81.10.10 (996002993)</SPAN></P> Fri, 16 Aug 2024 05:14:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223822#M11231 patrick2 2024-08-16T05:14:43Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223881#M11233 <P>Is there a way to force the sync with AD to occur?<BR />Because it seems like that's the issue here...that a new group was created and it is not available on the appliance.</P> Fri, 16 Aug 2024 18:07:36 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223881#M11233 PhoneBoy 2024-08-16T18:07:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223900#M11239 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;</P> <P>The <EM>#pdp update all</EM> command maybe helps</P> <P>Command: root-&gt;update</P> <P>Available options:<BR /><STRONG>all - recalculate all users and machines group membership</STRONG><BR />specific - recalculate group membership for a user/machine<BR />refetch_interval - LDAP user info refetch interval<BR />update_rate - the max number of sessions updated within a minute</P> <P>Akos</P> Sat, 17 Aug 2024 09:30:19 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-integrate-AD-issue/m-p/223900#M11239 AkosBakos 2024-08-17T09:30:19Z