selected domain is read only and cannot be used as a target

Hi All,


I'm getting the below error when importing clients to the policy manager.user has full access rights.any idea?Smiley Indifferent


"selected domain is read only and cannot be used as a target"








Best Answer

  • dandeliondandelion Posts: 31
    Accepted Answer

    Once you create an AD synchronization rule and bind it to a domain, this domain (and everything below it in the domain tree) becomes read-only: the underlying structure is taken from the AD and can't be modified manually. If you want to add some hosts manually, you need to create a policy domain outside this AD-managed domain, and add hosts there.


    Please note that if you bind an AD synchronization rule to the 'Root' domain, then the entire tree becomes read-only. In situations like yours, if you want to keep the ability to add hosts manually, you should bind the rules to the dedicated sub-domains in the domain tree, not the 'Root'. 






  • Is this target domain bound to any ActiveDirectory synchronization rule? 

  • asankaasanka Posts: 73

    hi Dandelion,


    Yes.there is a ActiveDirectory synchronization rule.



  • Hi,


    by design, the domains bound to AD synchronization rules can't be updated manually. You should use another domain for the hosts you'd like to add. 

  • asankaasanka Posts: 73



    You meant sub domain?how to create a another domain and add clients?Please elaborate



  • asankaasanka Posts: 73



    Thanks.issue is resolved now.just a another question.i just updated policy manger 12 to 12.20 and clients to 12.20 but client security shows cross mark saying that network connections malfunction.Please reply



  • Hello, 


    it's hard to say without specific data from your environment what's wrong. Please contact the F-Secure support on that issue. 

  • VadVad Posts: 1,051 F-Secure Employee

    Hello asanka,


    Network connections malfunction most likely is shown because F-Secure Anti-Virus Firewall Daemon service failed to start for some reason.

    To find the reason, additional information from affected machine(s) is required.


    Best regards,


This discussion has been closed.