Skip to main content
Druva Documentation

Enable advanced logging in AD to troubleshoot users not listing in AD Mapping Import

Overview

It has been observed that at times, the users are not fetched successfully from a defined AD mapping. As a workaround to resolve this issue, a duplicate AD mapping would serve the purpose. In addition, the AD connector logs do not provide sufficient granular details as to what is occurring in these instances. To get more in-depth details, further analysis is required on the customer's domain controllers.

This article will provide a mechanism on how to further deep dive and provide details for engineering assistance. 

Prerequisite

Enable LDAP logging on the customer's AD server and get the logs for both the mappings. This will help to identify a potential root cause that can be further investigated. 

Directory debugging collection 

The following steps will allow the domain controller to log all the LDAP searches in the Directory Service log. 

 After troubleshooting the issue successfully, you should revert to the default settings.

  1. Set the value for "15 Field Engineering" to 5. The default value is zero. 

    Note: This value can be found in HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics

  2. To log all LDAP searches, change the default thresholds for either inefficient and expensive searches to 1.  Do the steps that follow:
    1. HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Inefficient Search Results Threshold:DWORD

    2. Expensive Search Results Threshold (create value as it is not present by default)

    3. HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Expensive Search Results Threshold:DWORD

  3. Attempt to import the users from the affected AD Mapping.

  4. The detailed LDAP search logs are recorded on a domain controller under the Event Viewer > Applications and Services Logs > Directory Service.

  5. Collect the Directory Service logs in EVTX format.

  6. Do Steps 3 through Step 5 for an AD Mapping that is working as expected.

  7. Collect the Directory Service logs in EVTX format.

  8. The following parameters are logged for this event: 

    • LDAP query used

    • User account used

    • Filters applied

    • The number of results returned

Example: 

evenlogs.png

Log details as follows: 

Field  Description
Log Name Directory Service
Source Microsoft-Windows-ActiveDirectory_DomainService
Date 8/8/2019 6:40:20 AM
Event ID 1644
Task Category Field Engineering
Level  Information
Keywords Classic
User DRUVAUDAY\manish.it
Computer UDAYDC.druvauday.local
Description  
Internal Event A client issued a search operation with the following options.

Client:

172.16.53.162:54244 

Starting node:OU=Manish_TestOU,DC=druvauday,DC=local 

Filter:(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=druvauday,DC=local)  

Search scope:

subtree 

Attribute selection:

cn,mail,userPrincipalName,cn,department,countryCode,userAccountControl,objectGUID 

Server controls:

Visited entries:5 

Returned entries:4 

Used indexes:Ancestors_index:5:N; 

Pages referenced:107 

Pages read from disk:4 

Search time (ms):62 

Attributes Preventing Optimization:none

  • Was this article helpful?