Genpact Cora Knowledge Center

Support

ADSS Does Not Sync OUs from AD

Description

Active Directory Synchronization Service (ADSS) does not sync organizational units (OUs) from Active Directory (AD), when Cora SeQuence and  AD are located in different domains.

Cause

Active Directory settings are not configured correctly.

Affected Versions

All versions.

Solution

Several configurations are required

  • In the Administration web.config file, include <add key="DefaultADDomain" value="Active Directory Domain Name" />.
  • Navigate to Administrate site > Active Directory Settings > Active Directory Name, and add the AD name prefix, for example, PNMSOFT\SEQuser.
  • Navigate to Administrate site > Active Directory Settings > Active Directory Name > Credentials, and add the AD name prefix, for example, PNMSOFT\SEQuser.

Notes

  • The default user runs the local AD activities. You might need a specific user in the AD domain if the default user is in a different domain, or not authorized in the AD domain. This must be a user in the AD domain.
  • Validate the correct AD filter, including the LDAP path and its syntax. For more information, see the Configure Active Directory Synchronization Service Guide
  • Verify in the ADSS web.config file that the domain="ActiveDirectoryDomainName".
  • Check the PANAM logs to verify that there are no errors.
  • In v8.2 and later, navigate to Administration site > Manage Organization, and verify that Status=Running.
  • In Administration site > Edit Organization, verify that all groups exist as they do in AD.
  • After the Status=Completed (in the Manage Organization section), you can check that all users exist in Administration site > Administration > Organization Settings > Employees.