Sophos Cloud AD Sync Utility retrieves 0 users and 0 Groups from Active Directory

  • Article ID: 121252
  • Updated: 08 Sep 2014

Issue

When configuring the Sophos Cloud AD Sync Utility, you see the following messages in the user interface and in the utility's log file:

Found 0 AD users.
Found 0 AD groups.

In addition to the above messages, the log file contains the following text:

Page:1 contains 2 response entries
Last page detected in LDAP result.
The result set was not paged.
Search returned 2 records.
Unable to find netbios name for DC=[X],DC=[Y]

First seen in


Sophos Cloud

Cause

You have more than one Active Directory domain, i.e. a child domain.

What To Do

At the current time the AD Sync Utility only supports a single domain. This has been logged in the system as CPLAT-2772.

As a workaround to this issue, it is possible to import the users and groups from one of the domains. To do so, under CN=Partitions,CN=Configuration, deny the Windows user configured in the Sophos Cloud AD Sync Utility access to one of the domain objects. As a result, the utility will only 'find' a single domain and will be able to determine the NetBIOS domain name.

Note: The following tools may be used to set these permissions:

Technical Information

In order to establish the NetBIOS form of the domain name, the AD Sync Utility inspects the following location in Active Directory:

CN=Partitions,CN=Configuration

If this query returns more than 1 result, the utility is unable to establish a distinct domain name.
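
The log signature described above can be checked mechanically when triaging a failed sync. The following Python code is an added example, not part of the Sophos utility or the original article; it assumes the message texts quoted in this article, and the timestamps and the domain name in the sample logs are constructed.

```python
import re

# Patterns for the messages this article quotes from the utility's log.
RX_USERS = re.compile(r"Found (\d+) AD users\.")
RX_GROUPS = re.compile(r"Found (\d+) AD groups\.")
RX_RECORDS = re.compile(r"Search returned (\d+) records\.")
RX_NETBIOS = re.compile(r"Unable to find netbios name for\s+(.+?)\s*$")

def triage(log_text):
    """Classify a sync log; returns (verdict, details)."""
    d = {"users": None, "groups": None, "records": None, "domain_dn": None}
    last_records = None
    for line in log_text.splitlines():
        if m := RX_RECORDS.search(line):
            last_records = int(m.group(1))
        elif m := RX_NETBIOS.search(line):
            # Keep the record count of the search that preceded the failure.
            d["domain_dn"], d["records"] = m.group(1), last_records
        elif m := RX_USERS.search(line):
            d["users"] = int(m.group(1))
        elif m := RX_GROUPS.search(line):
            d["groups"] = int(m.group(1))
    empty = d["users"] == 0 and d["groups"] == 0
    if d["domain_dn"] and (d["records"] or 0) > 1:
        verdict = "multi-domain"            # the cause this article describes
    elif d["domain_dn"]:
        verdict = "netbios-lookup-failed"   # same error, different cause
    elif empty:
        verdict = "empty-sync-other-cause"  # no NetBIOS error in the log
    else:
        verdict = "ok"
    return verdict, d

# Constructed samples: the article's messages with made-up timestamps and DN.
SAMPLE_MULTI = """\
2014-09-08 10:00:01 Page:1 contains 2 response entries
2014-09-08 10:00:01 Last page detected in LDAP result.
2014-09-08 10:00:01 Search returned 2 records.
2014-09-08 10:00:01 Unable to find netbios name for DC=child,DC=example
2014-09-08 10:00:02 Found 0 AD users.
2014-09-08 10:00:02 Found 0 AD groups.
"""
SAMPLE_OK = """\
2014-09-08 11:00:01 Search returned 1 records.
2014-09-08 11:00:02 Found 25 AD users.
2014-09-08 11:00:02 Found 4 AD groups.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_MULTI))
    print(triage(SAMPLE_OK))
```

After applying the workaround, a fresh log should no longer produce the "multi-domain" verdict.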

 
If you need more information or guidance, then please contact technical support.
