AD account Aggregation Issue

Hi Team,
I am facing an issue aggregating accounts from the admin OU. The service account has the necessary permissions, and the aggregation is scanning the accounts, but the accounts are not being displayed. Any idea?

This seems to be working in Sandbox, but does not work in Prod! The aggregation is returning zero accounts! But it scans around 1067 users!

Hi,

Did you change any schema? Can you check the schema once?

-Abhinov

Hi @Abhinov7 ,
It’s the default schema in both the environments!

Hi @Prashanth0707 ,

Have you given any account filter in the source?
If yes, could you please share that?
Can you cross-check that with what it is in sandbox?

Thanks

Hi Prasanth - sounds like permissions to me. When you say the service account has access, have you tried the service account with a standalone LDAP client like ldp.exe? The service account could have list contents on the OU (so will return the number of objects) but maybe not read attributes on the objects.

Hi @j_place ,
It does not appear to be a permissions issue, as I have verified granting the service account the highest level of permissions which should be able to read everything from the domain! But it doesn’t!

Hi Prasanth - have you confirmed with ldp.exe (or equivalent)? There could be a deny ACL on there.
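A scripted equivalent of the ldp.exe check suggested in the two replies above, as an added example that is not part of the original thread: it binds as the service account, compares how many objects the OU lists with how many match a user filter and expose their attributes, then lists explicit Deny ACEs on the OU. The OU DN, server name and attribute list are constructed placeholders, and the ACL step assumes the ActiveDirectory module (RSAT) and an account allowed to read the OU's ACL.

```powershell
# Added example; $OuDn, $Server and $Attributes are constructed placeholders.
param(
    [string]$OuDn       = 'OU=Admins,DC=example,DC=com',
    [string]$Server     = 'dc01.example.com',
    [string[]]$Attributes = @('sAMAccountName', 'objectGUID', 'userAccountControl')
)

$cred = Get-Credential -Message 'Service account configured on the AD source'

function Search-AsServiceAccount([string]$Filter, [string[]]$Load) {
    # Bind with the service account's credentials, not the caller's.
    $root = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$Server/$OuDn", $cred.UserName, $cred.GetNetworkCredential().Password)
    $ds = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $ds.SearchScope = 'Subtree'
    $ds.PageSize    = 500                      # page past the 1000-result default limit
    $Load | ForEach-Object { [void]$ds.PropertiesToLoad.Add($_) }
    # Copy what we need so the unmanaged result set can be released.
    $rows = foreach ($r in $ds.FindAll()) {
        [pscustomobject]@{
            Path    = $r.Path
            Missing = @($Load | Where-Object { -not $r.Properties.Contains($_.ToLower()) })
        }
    }
    $ds.Dispose(); $root.Dispose()
    return @($rows)
}

# 1. Objects visible through List Contents (presence filter only).
$listed = Search-AsServiceAccount '(objectClass=*)' @('objectClass')
# 2. Objects that match a user filter, which needs the filter attributes to be readable.
$users  = Search-AsServiceAccount '(&(objectCategory=person)(objectClass=user))' $Attributes
$gaps   = @($users | Where-Object { $_.Missing.Count -gt 0 })

"Listed objects           : {0}" -f $listed.Count
"Matched as user accounts : {0}" -f $users.Count
"Users missing attributes : {0}" -f $gaps.Count
$gaps | Select-Object -First 20 Path, @{ n = 'Missing'; e = { $_.Missing -join ',' } }

# 3. Explicit Deny ACEs on the OU itself (run as an admin, not as the service account).
#    Deny ACEs set directly on individual user objects are not covered by this step.
Import-Module ActiveDirectory
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

A large listed count next to zero matched users, or users with missing attributes, points at read-property permissions; matching counts with every attribute present point away from directory ACLs and toward the source configuration.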

Seems like the new identity attribute that was made searchable and added to the correlation was the issue. Removed the attribute and the aggregation worked perfectly fine and was bringing all accounts!