Announcements

Shape the future of the TeamViewer product with our Product Team. Click here to join!

Posted by KromeBR
Photon

Active Directory Connector - No users found

I've downloaded the latest release of the AD connector (v1.2) and followed the instructions. However, when trying to Save & Run, the script runs, finds the AD group, but detects no users.

This happens no matter what group I use - even Domain Users finds 0 users. The groups are successfully found in the GUI and the full group name is correct.

Server OS is 2016 & AD is Server 2016 functional level.

Any ideas? This is such a simple setup it's difficult to believe that I've done anything wrong and there are no errors, just no users!

1 Accepted Solution

Accepted Solutions
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Active Directory Connector - No users found

Hi,

Did you check the option "Include users of nested AD groups"?

Also, the AD connector script filters out users that are disabled or do not have a primary email address set.

You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.

@("CN=Group1,CN=Users,DC=test") | `
    ForEach-Object { `
      $searcher = New-Object System.DirectoryServices.DirectorySearcher
      $searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
      $searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
      $searcher.FindAll() | `
        ForEach-Object { @{
          Email     = [string]($_.Properties.mail)
          Name      = [string]($_.Properties.name)
          IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
        }}
    } | Format-List | Out-String

(Just replace the "CN=..." string in the first line with your group name)

View solution in original post

2 Replies
Posted by TeamViewer Staff
TeamViewer Staff
Solution

Re: Active Directory Connector - No users found

Hi,

Did you check the option "Include users of nested AD groups"?

Also, the AD connector script filters out users that are disabled or do not have a primary email address set.

You can try to execute the following Powershell snippet to see if users can be fetched properly. The AD connector script does a very similar call.

@("CN=Group1,CN=Users,DC=test") | `
    ForEach-Object { `
      $searcher = New-Object System.DirectoryServices.DirectorySearcher
      $searcher.Filter = "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$_))"
      $searcher.PropertiesToLoad.AddRange(@("name", "mail", "userAccountControl"))
      $searcher.FindAll() | `
        ForEach-Object { @{
          Email     = [string]($_.Properties.mail)
          Name      = [string]($_.Properties.name)
          IsEnabled = [bool](($_.Properties.useraccountcontrol.Item(0) -BAND 2) -eq 0)
        }}
    } | Format-List | Out-String

(Just replace the "CN=..." string in the first line with your group name)

View solution in original post

Highlighted
Posted by KromeBR
Photon

Re: Active Directory Connector - No users found

Thanks - the issue was that the users did not have the Primary Email Address field populated.

Now I just need to work out how to get SSO working....