Not a Valid Active Directory Group or User Error When Installing a Second SCSM Management Server

Author by Christopher Mank

When you need to install a second Management Server in your SCSM environment, the process is pretty straightforward.  You run the same installer and instead of creating a new ServiceManager database, you just point to an existing one. After you select an existing database and click Next, the installer will show the Management Group Name and Administrators configured in the database.  These values were set during the install of the first Management Server for the environment.  When installing a second (or more) Management Server, these values are prepopulated and grayed out so you cannot edit them.  I was working with a client and installing a second Management Server and when we got to this page and clicked Next, we got the following error: xxxx is not a valid Active Directory group or user. Invalid AD group or user error Image Well that's pretty odd!  So I started to do some research and found a blog post from Dieter (found here) that mentions this error and a solution.  However in that blog, the user/group did in fact NOT exist.  In our case, the group did exist.  So how come we get this error for a group we know exists and we can't even edit the group listed? After some time spent in research, the issue was with the DSN suffix.  If for some reason the DNS suffix for the domain is not listed in the search order on the server, the installer will not be able to locate the user/group in AD, and thus throw this error.  So to correct this issue, you can follow the below steps. 1.  Browse to the Control Panel and go to Network and Internet --> Network Connections. 2.  Right-click on the proper connection and select Properties.  Select the proper protocol (IPv4 or IPv6) and click Properties. 3.  In the bottom corner, click the Advanced button. 4.  On the DNS tab, add the proper suffix (FQDN) to the search order and click OK. DNS Suffix Image 5.  Go back to the SCSM installer and you should now be able to advance past the Management group section. I hope this helps anyone who has encountered this issue.  A special thanks to Avery and Darlyne for helping to get this one figured out. Until the Whole World Hears, Christopher

Christopher Mank

Systems Architect