This article is applicable for:
Product edition: inSync Cloud, inSync On-Premise
inSync Administrator is not able to import users from their AD Mapping configured in inSync Admin Console. This article addresses the following scenarios of this issue:
- The user is present in the AD under the specific OU and Group; however, the user does not appear in the Import New Users window while using Import New Users option.
- User appears in Import New Users window; however, the import fails.
- When you select an AD mapping and click on Import New Users, you get the “No such object” error as shown in the image below.
An AD mapping is associated with a specific OU and a security group. inSync cannot navigate to the AD using the path specified in the AD mapping and shows this error under following scenarios:
- Security group is moved to a different OU or location.
- Security group name is changed.
- Security group is deleted from AD, deleting the user membership to that group.
- While importing user using AD Mapping, inSync displays an error "cannot contact AD/LDAP servers and to check if the services are running”.
- Check if the user is already present in the inSync Admin Console under the Users tab. You can search based on the User Name or Email.
- If you want AD mapping to filter users based only on Group, then you should keep OU as 'All Users'. This means user should be a member of Group and OU is not considered for filtering.
- If you want AD mapping to filter users based on OU and Group, select OU and Group. This means user must be a member of both OU and Group for part of this AD mapping.
- Check if the user account has an associated email address in the AD. Check for the email address under the user account properties page on AD.
Perform the following checks:
- Check if the user is added as a guest user under inSync Share.
- Check if the number of users allowed on a Profile Limit has been reached.
- Check the available licenses. If the licenses are used up, you cannot import a user.
Additionally, also check the preserved user count. By default, you are assigned a preserved user limit of 10% of your Active User License count.
Solutions for the above-mentioned scenarios are as follows:
- If the security group is moved to a different OU or location, move the security group back to its original location.
- If the name of security group is changed, then reinstate the original name of the security group.
- In case the security group is deleted from AD and the user membership to that group is removed (in AD), recreate the security group on original location and again make users member of the security group.
Note: Suppose there is a requirement wherein a user is moved to a different OU/group and cannot be moved back to the original OU/group. In that case, the administrator can create multiple AD mappings according to the users' location in OU or group. inSync does not have any restrictions on creating AD mapping.
- Ping the AD server.
For On-Premise: Check if you can ping AD server.
For Cloud: Check if you can ping AD server from inSync server.
- Verify if DNS name resolution is working for AD Serve:r mentioned in the mapping.
- If both the above checks fail, then fix the name resolution by creating appropriate DNS records with the help of DNS team.