It has been observed that at times, the users are not fetched successfully from a defined AD mapping. As a workaround to resolve this issue, a duplicate AD mapping would serve the purpose. In addition, the AD connector logs do not provide sufficient granular details as to what is occurring in these instances. To get more in-depth details, further analysis is required on the customer's domain controllers.
This article will provide a mechanism on how to further deep dive and provide details for engineering assistance.
Enable LDAP logging on the customer's AD server and get the logs for both the mappings. This will help to identify a potential root cause that can be further investigated.
Directory debugging collection
The following steps will allow the domain controller to log all the LDAP searches in the Directory Service log.
After troubleshooting the issue successfully, you should revert to the default settings.
- Set the value for "15 Field Engineering" to 5. The default value is zero.
Note: This value can be found in HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics
- To log all LDAP searches, change the default thresholds for either inefficient and expensive searches to 1. Do the steps that follow:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Inefficient Search Results Threshold:DWORD
Expensive Search Results Threshold (create value as it is not present by default)
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Expensive Search Results Threshold:DWORD
The detailed LDAP search logs are recorded on a domain controller under the Event Viewer > Applications and Services Logs > Directory Service.
Collect the Directory Service logs in EVTX format.
The following parameters are logged for this event:
LDAP query used
User account used
The number of results returned
Log details as follows:
|Log Name||Directory Service|
|Date||8/8/2019 6:40:20 AM|
|Task Category||Field Engineering|
|Internal Event||A client issued a search operation with the following options.|
Pages read from disk:4
Search time (ms):62
Attributes Preventing Optimization:none