Troubleshooting

LDAP Query References

• some helpful prebuild queries can be found here
• the following is basically active users (technically its object is a user, not a contact, has an email, and is not inactive) 
  
  • (&(objectClass=User)(!objectClass=Contact)(mail=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))

 

Loading lots of Users

This article describes how you are supposed to be able to tweak the SizeLimit and the PageSize (both of which can be changed in the appSettings.json file found in the install location of the tool, keep in mind the tool will have to be restarted if you change those), to control loading users in batches, however, I just got off a call where we were not able to get more than 1000 users loaded not matter how we changed those 2 variables. It's possible it was because they were using an older version of AD, but we are actually not sure what version of AD they were using.

So... basically what customers have to do unless we decide to dig further on how we might load more than 1000 users, is an LDAP query that will filter the users to a set that includes all the users they want to sync, but is less than 1000 users total.

 

Multiple AD Groups w/ the same name

Though Active Directory will allow you to have multiple groups with the same name, our tool will not let you do this. In fact you will get and error message that probably won't make you think they have mulitple AD groups with the same name.

*An item with the same key has already been added. Key {SOME AD GROUP NAME HERE}.

This couldis havelikely beensomething duewe might be able to improve messaging and / or allow to sync multiple groups w/ the factsame thatname (maybe just append something to the end of one of the names in order to differentiate them), but for now, they need to rename one of the groups.

 

Running the tool on a domain controller

You can't do this. I (Quinn) was told this by Royce, neither of us know what this actually means as we are unfamiliar with AD, but just know it doesn't work.