Managing Directory User Group Integration in Workspace ONE UEM

As an alternative to custom user groups without Active Directory integration, you can use user group integration, which applies your existing Active Directory structure and provides many benefits.

Once you import existing directory service user groups as Workspace ONE UEM user groups, you can perform the following actions:

  • User Management: Reference your existing directory service groups (such as security groups or distribution lists) and align user management in Workspace ONE UEM with the existing organizational systems.
  • Profiles and Policies: Assign profiles, applications, and policies across the Workspace ONE UEM deployment to groups of users.
  • Integrated Updates: Automatically update user group assignments based on group membership changes.
  • Management Permissions: Set management permissions to allow only approved administrators to change policy and profile assignments for certain user groups.
  • Enrollment: Allow users to enroll with existing credentials and automatically assign an organization group.

Monitor the Performance of Your Directory Services

Workspace ONE UEM ensures that device management and syncing continue even during rare lapses in connectivity. You can improve the performance of Directory Services by ensuring that the server maximizes available resources.

Skipping a Tenant After Three Sync Timeouts

If the directory sync of a tenant times out 3 times in a row, Workspace ONE UEM skips that tenant and proceeds to synchronize the next tenant, as applicable. A sync times out if a device does not respond for 15 minutes. This timing means that the maximum delay is 45 minutes before the next tenant sync attempt.

A console event log is created after the third sync timeout with the following properties.

  • Name of event – EnterpriseIntegrationLDAPSyncError.
  • Event data – OG name, error description (Sync failed three times in a row. Sync skipped.).
  • Event severity level – Error.

Skipping a Tenant After VMware Enterprise Systems Connector Connection Error

If the link to the VMware Enterprise Systems Connector is not working or if the test connection fails, then the sync fails to begin. The next tenant sync commences according to the Lightweight Directory Access Protocol (LDAP) configuration.

The console event log is created after a VMware Enterprise Systems Connector connection error with the following properties.

  • Name of event – EnterpriseIntegrationACCConnectionFailed.
  • Event data – Reason and OG name.
  • Event severity level – Error.

For more information about the Event Log, see Event Log.
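
The following is an added example, not VMware code, showing one way to scan exported console events for the two event names above and group them by OG so that repeatedly skipped tenants stand out. The JSON record layout and its field names (ts, event, severity, og, data) are assumptions, and the sample lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime

# Event names as given on this page.
LDAP_SYNC_ERROR = "EnterpriseIntegrationLDAPSyncError"
ACC_CONN_FAILED = "EnterpriseIntegrationACCConnectionFailed"
WATCHED = {LDAP_SYNC_ERROR, ACC_CONN_FAILED}
# Page: a sync times out after 15 minutes and the tenant is skipped after 3 timeouts in a row.
MINUTES_PER_SKIP = 3 * 15

# Constructed sample export; the JSON keys are assumptions, not the product's schema.
SAMPLE_LINES = [
    '{"ts": "2024-05-01T02:00:00", "event": "EnterpriseIntegrationLDAPSyncError", "severity": "Error", "og": "Sales", "data": "Sync failed three times in a row. Sync skipped."}',
    '{"ts": "2024-05-01T03:00:00", "event": "EnterpriseIntegrationLDAPSyncError", "severity": "Error", "og": "Sales", "data": "Sync failed three times in a row. Sync skipped."}',
    '{"ts": "2024-05-01T02:10:00", "event": "EnterpriseIntegrationACCConnectionFailed", "severity": "Error", "og": "HQ", "data": "constructed reason text"}',
    '{"ts": "2024-05-01T02:15:00", "event": "SomeOtherEvent", "severity": "Information", "og": "HQ", "data": "constructed, unrelated"}',
    'not json at all',
]

def summarize_directory_sync_failures(lines, repeat_threshold=2):
    """Group the two directory-sync error events by organization group (OG)."""
    per_og = defaultdict(lambda: {"ldap_skips": 0, "acc_failures": 0, "last_seen": None})
    malformed = 0
    for line in lines:
        try:
            rec = json.loads(line)
            name, og = rec["event"], rec["og"]
            ts = datetime.fromisoformat(rec["ts"])
        except (ValueError, KeyError, TypeError):
            malformed += 1  # count unparsable records instead of silently dropping them
            continue
        if name not in WATCHED:
            continue
        entry = per_og[og]
        key = "ldap_skips" if name == LDAP_SYNC_ERROR else "acc_failures"
        entry[key] += 1
        if entry["last_seen"] is None or ts > entry["last_seen"]:
            entry["last_seen"] = ts
    report = {}
    for og, e in per_og.items():
        # Each LDAP skip event follows up to 45 minutes of consecutive timeouts.
        report[og] = dict(e, timeout_minutes=e["ldap_skips"] * MINUTES_PER_SKIP,
                          repeated=e["ldap_skips"] + e["acc_failures"] >= repeat_threshold)
    return report, malformed

if __name__ == "__main__":
    report, malformed = summarize_directory_sync_failures(SAMPLE_LINES)
    for og, info in sorted(report.items()):
        print(og, info, "malformed records:", malformed)
```

An OG flagged as repeated has had its directory sync skipped or blocked more than once in the scanned period, so group membership changes for that tenant may not yet be reflected in Workspace ONE UEM.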

Troubleshooting Synchronization Errors

Ensure the Directory Sync Service and the Scheduler Service are running on the same server, since they write to and read from the same queues.
