Description
Active Directory Synchronization Service (ADSS) does not sync organizational units (OUs) from Active Directory (AD), when Cora SeQuence and AD are located in different domains.
Cause
Active Directory settings are not configured correctly.
Affected Versions
All versions.
Solution
Several configurations are required
- In the Administration
web.config
file, include<add key="DefaultADDomain" value="Active Directory Domain Name" />
. - Navigate to Administrate site > Active Directory Settings > Active Directory Name, and add the AD name prefix, for example, PNMSOFT\SEQuser.
- Navigate to Administrate site > Active Directory Settings > Active Directory Name > Credentials, and add the AD name prefix, for example, PNMSOFT\SEQuser.
Notes
- The default user runs the local AD activities. You might need a specific user in the AD domain if the default user is in a different domain, or not authorized in the AD domain. This must be a user in the AD domain.
- Validate the correct AD filter, including the LDAP path and its syntax. For more information, see the Configure Active Directory Synchronization Service Guide.
- Verify in the ADSS
web.config
file that the domain="ActiveDirectoryDomainName". - Check the PANAM logs to verify that there are no errors.
- In v8.2 and later, navigate to Administration site > Manage Organization, and verify that Status=Running.
- In Administration site > Edit Organization, verify that all groups exist as they do in AD.
- After the Status=Completed (in the Manage Organization section), you can check that all users exist in Administration site > Administration > Organization Settings > Employees.