When configuring the Sophos Cloud AD Sync Utility, you see the following error message in the user interface and the log file of the utility.
Found 0 AD users.
Found 0 AD groups.
In addition to the above messages, the log file contains the following text:
Page:1 contains 2 response entries
Last page detected in LDAP result.
The result set was not paged.
Search returned 2 records.
Unable to find netbios name for DC=[X],DC=[Y]
First seen in
You have more than one Active Directory domain, i.e a child domain.
What To Do
At the current time the AD Sync Utility only supports a single domain. This has been logged in the system as CPLAT-2772.
As a workaround to this issue, it is possible to import the users and groups from one of the domains. To do so, under
CN=Partitions,CN=Configuration, you can deny the Windows user configured in the Sophos Cloud AD Sync utility access to one of the domain objects. As a result the utility will only 'find' the one single domain and be able to determine the NetBIOS domain name.
Note: The following tools may be used to set these permissions:
In order to establish the NetBIOS form of the domain name, the AD Sync Utility inspects the following location in Active Directory:
If this query returns more than 1 result, the utility has unable to establish a distinct domain name.