Announcements

Would you like to co-innovate with us? If so, we’d like to invite you to become product development partners with us. Read more about it in our announcement Launch of the TeamViewer User Focus Program

Highlighted
Posted by KromeBR
Photon

Active Directory Connector - No users found

I've downloaded the latest release of the AD connector (v1.2) and followed the instructions. However, when trying to Save & Run, the script runs, finds the AD group, but detects no users.

This happens no matter what group I use - even Domain Users finds 0 users. The groups are successfully found in the GUI and the full group name is correct.

Server OS is 2016 & AD is Server 2016 functional level.

Any ideas? This is such a simple setup it's difficult to believe that I've done anything wrong and there are no errors, just no users!

1 Accepted Solution

Accepted Solutions
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Active Directory Connector - No users found

Hi,

Did you check the option "Include users of nested AD groups"?

Also, the AD connector script filters out users that are disabled or do not have a primary email address set.

You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.

@("CN=Group1,CN=Users,DC=test") | `
    ForEach-Object { `
      $searcher = New-Object System.DirectoryServices.DirectorySearcher
      $searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
      $searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
      $searcher.FindAll() | `
        ForEach-Object { @{
          Email     = [string]($_.Properties.mail)
          Name      = [string]($_.Properties.name)
          IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
        }}
    } | Format-List | Out-String

(Just replace the "CN=..." string in the first line with your group name)

2 Replies
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Active Directory Connector - No users found

Hi,

Did you check the option "Include users of nested AD groups"?

Also, the AD connector script filters out users that are disabled or do not have a primary email address set.

You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.

@("CN=Group1,CN=Users,DC=test") | `
    ForEach-Object { `
      $searcher = New-Object System.DirectoryServices.DirectorySearcher
      $searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
      $searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
      $searcher.FindAll() | `
        ForEach-Object { @{
          Email     = [string]($_.Properties.mail)
          Name      = [string]($_.Properties.name)
          IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
        }}
    } | Format-List | Out-String

(Just replace the "CN=..." string in the first line with your group name)

Posted by KromeBR
Photon

Re: Active Directory Connector - No users found

Thanks - the issue was that the users did not have the Primary Email Address field populated.

Now I just need to work out how to get SSO working....