Active Directory Connector - No users found
I've downloaded the latest release of the AD connector (v1.2) and followed the instructions. However, when trying to Save & Run, the script runs, finds the AD group, but detects no users.
This happens no matter what group I use - even Domain Users finds 0 users. The groups are successfully found in the GUI and the full group name is correct.
Server OS is 2016 & AD is Server 2016 functional level.
Any ideas? This is such a simple setup it's difficult to believe that I've done anything wrong and there are no errors, just no users!
Best Answer
-
Hi,
Did you check the option "Include users of nested AD groups"?
Also, the AD connector script filters out users that are disabled or do not have a primary email address set.
You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.
@("CN=Group1,CN=Users,DC=test") | `
ForEach-Object { `
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
$searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
$searcher.FindAll() | `
ForEach-Object { @{
Email = [string]($_.Properties.mail)
Name = [string]($_.Properties.name)
IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
}}
} | Format-List | Out-String(Just replace the "CN=..." string in the first line with your group name)
5
Answers
-
Hi,
Did you check the option "Include users of nested AD groups"?
Also, the AD connector script filters out users that are disabled or do not have a primary email address set.
You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.
@("CN=Group1,CN=Users,DC=test") | `
ForEach-Object { `
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
$searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
$searcher.FindAll() | `
ForEach-Object { @{
Email = [string]($_.Properties.mail)
Name = [string]($_.Properties.name)
IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
}}
} | Format-List | Out-String(Just replace the "CN=..." string in the first line with your group name)
5 -
Thanks - the issue was that the users did not have the Primary Email Address field populated.
Now I just need to work out how to get SSO working....0
