Skip to main content

 

Druva Documentation

Not able to import users from AD mapping

This article is applicable for:
Product edition: inSync Cloud, inSync On-Premise

Problem description

inSync Administrator is not able to import users from their AD Mapping configured in inSync Admin Console. This article addresses the following scenarios of this issue:

  1. The user is present in the AD under the specific OU and Group; however, the user does not appear in the  Import New Users window while using Import New Users option. 
  2. User appears in Import New Users window; however, the import fails.
  3. When you select an AD mapping and click on Import New Users, you get the “No such object” error as shown in the image below.


    An AD mapping is associated with a specific OU and a security group. inSync cannot navigate to the AD using the path specified in the AD mapping and shows this error under following scenarios:
    1. Security group is moved to a different OU or location.
    2. Security group name is changed.
    3. Security group is deleted from AD, deleting the user membership to that group.
  4. While importing user using AD Mapping, inSync displays an error "cannot contact AD/LDAP  servers and to check if the services are running”.

Resolution

Scenario 1:

  1. Check if the user is already present in the inSync Admin Console under the Users tab. You can search based on the User Name or Email. 
  2. If you want AD mapping to filter users based only on Group, then you should keep OU as 'All Users'. This means user should be a member of Group and OU is not considered for filtering.



     
  3. If you want AD mapping to filter users based on OU and Group, select OU and Group. This means user must be a member of both OU and Group for part of this AD mapping.


     
  4. Check if the user account has an associated email address in the AD. Check for the email address under the user account properties page on AD.

Scenario 2 

Perform the following checks:

  1. Check if the user is added as a guest user under inSync Share.


     
  2. Check if the number of users allowed on a Profile Limit has been reached.


     
  3. Check the available licenses. If the licenses are used up, you cannot import a user. 
    Additionally, also check the preserved user count.  By default, you are assigned a preserved user limit of 10% of your Active User License count. 

Scenario 3

Solutions for the above-mentioned scenarios are as follows:

  1. If the security group is moved to a different OU or location, move the security group back to its original location.
  2. If the name of security group is changed, then reinstate the original name of the security group.
  3. In case the security group is deleted from AD and the user membership to that group is removed (in AD), recreate the security group on original location and again make users member of the security group.

Scenario 4

  1. Ping the AD server.
    For On-Premise: Check if you can ping AD server.
    For Cloud: Check if you can ping AD server from inSync server.
  2. Verify if DNS name resolution is working for AD Serve:r mentioned in the mapping.
  3. If both the above checks fail, then fix the name resolution by creating appropriate DNS records with the help of DNS team.