Warning "Failed to get members of local groups of domain 'xxxx.xxxx.xxxx.com'" when performing a backup where 'xxxx.xxxx.xxxx.com' is a different domain than the one being backed up.
This can occur due to network connectivity, DNS, the DC unable to complete the query, and/or permission issues in your AD forest
WORKAROUND #1:
Check (and resolve) network connectivity, DNS and/or permission issues in the AD forest especially between the GC being backed up and Global Catalog servers in the 'xxxx.xxxx.xxxx.com' domain. Confirm you can ping DCs in the other domain by both shortname and FQDN. Confirm port 389 is open between the GC being backed up and the DCs in the other domain. If the DCs in the remote domain have protection software running (such as Symantec Endpoint Protection), try disabling the software to see if the error is resolved. If so, investigate why the protection software is preventing the DC from completing the query request.
WORKAROUND #2:
If the group that contain members from other domains is not prone to changes or local group membership of the other domain is not required then this can be disabled using the below steps:
1. Right-click on the Computer Collection and choose Properties and then select the Advanced tab.
2. Uncheck the "When backing up Global Catalog servers, collect group membership information from all domains within the Active Directory forest."
3. Click OK and then run collections as normal.
WORKAROUND #3:
The collect group membership option does not have to be enabled for all collections. If you have determined there are specific DCs where this issue always occurs, you can place these DCs in a separate collection with the collection group membership not enabled. When restoring groups, you would need to ensure you do not use backups from the DCs in the collection with the option disabled.
This affects all versions of Recovery Manager for AD
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center