Troubleshoot Active Directory Connections

Problem

If Digital Workplace hangs at startup, the error log or Event Viewer shows a binding error, and the Directory Server type is Active Directory, then it is likely a problem with the network. If Digital Workplace takes a long time to start up when login is not required, then it may be an issue querying the Active Directory server.

Solution

Here are some things to try on the machine with the problem to isolate the issue:

  • ping -a directory_server_name
    • If that fails, ping directory_server_ip
    • If that succeeds, then a short-term solution is to put the IP in the etc\hosts file on that machine.  This is only until IT can work out their DNS issue.
  • tracert directory_server_name
    • If this fails, then there is some DNS or routing issue that IT needs to resolve.
  • Run LDAPTest.exe (Foray Dropbox\Shared\Support\Tools\LDAPTest.exe)
    • Set Server and Port to match Central Config's directory server information
    • Select Root DSE Info button
    • If that does not return or takes many minutes to return, then ask IT to troubleshoot this LDAP query on their network from that machine: 
    • If the previous query works, then try getting the user's information as follows:
      • Fill in these values:
        • Server = see Directory server in Central Config
        • Port = see Central Config
      • Select the Fetch Contexts button
      • Fill in these values
        • Context = see Central Config's Base Dn/Context
        • Auth type = see Central Config
        • Login Auth type = see Central Config
        • Filter = (&(samaccountname=<username>)(objectClass=person))
          • Replace <username> with the user's login 
        • Scope = Subtree
        • Default Creds = checked
      • Select the Search button.  If this takes a long time (more than 5 seconds), then ask IT to troubleshoot this LDAP directory search with the specified filter on their network from that machine.
      • The box at the bottom of the window should populate with the user's information.  Verify the following:
        • objectsid = SID stored in the identity_table
        • memberof = groups the user is a member of
        • dn = distinguished_name in the identity_table
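
The same checks can be scripted in PowerShell on the affected machine. This is an added example, not part of the original article and not a Foray tool. The server, port, base DN and login are placeholders to replace with the values from Central Config, and it binds with the current user's credentials (the equivalent of Default Creds = checked), assuming the default authentication type.

```powershell
# Placeholders (assumptions): take the real values from Central Config.
$Server   = 'dc01.example.test'    # Directory server
$Port     = 389                    # Port
$BaseDn   = 'DC=example,DC=test'   # Base Dn/Context
$UserName = 'jdoe'                 # the user's login

# Escape LDAP filter metacharacters (RFC 4515) so the login is matched as a literal value.
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Step 1: name resolution and TCP reachability of the LDAP port (the ping/tracert checks).
try {
    $ips = [System.Net.Dns]::GetHostAddresses($Server) | ForEach-Object { $_.IPAddressToString }
    "DNS: $Server -> $($ips -join ', ')"
} catch {
    Write-Warning "DNS lookup for $Server failed: $($_.Exception.Message)"
}
$tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
"TCP port $Port reachable: $($tcp.TcpTestSucceeded)"

# Step 2: Root DSE query, timed (the Root DSE Info button).
$sw = [System.Diagnostics.Stopwatch]::StartNew()
$rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${Server}:$Port/RootDSE")
$ctx = $rootDse.Properties['defaultNamingContext'].Value
$sw.Stop()
"RootDSE defaultNamingContext: $ctx ($($sw.ElapsedMilliseconds) ms)"

# Step 3: subtree search for the user with the article's filter, timed (the Search button).
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${Server}:$Port/$BaseDn")
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(samaccountname=$(ConvertTo-LdapFilterValue $UserName))(objectClass=person))"
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PropertiesToLoad.AddRange([string[]]@('objectsid', 'memberof', 'distinguishedname'))
$sw.Restart()
$hit = $searcher.FindOne()
$sw.Stop()
if ($sw.Elapsed.TotalSeconds -gt 5) {
    Write-Warning "Search took $([int]$sw.Elapsed.TotalSeconds) s (more than 5 seconds); ask IT to troubleshoot it."
}
if ($hit) {
    # objectsid comes back as bytes; convert it to the S-1-5-... string form for comparison.
    $sid = New-Object System.Security.Principal.SecurityIdentifier([byte[]]$hit.Properties['objectsid'][0], 0)
    "objectsid = $($sid.Value)"
    "dn        = $($hit.Properties['distinguishedname'][0])"
    "memberof  ="
    $hit.Properties['memberof'] | ForEach-Object { "  $_" }
} else {
    Write-Warning "No entry matched samaccountname=$UserName under $BaseDn"
}
```

Compare the printed objectsid and dn with the SID and distinguished_name stored in the identity_table, as in the manual steps.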

Tools

ldp.exe is a Microsoft Active Directory tool. To get it, install Remote Server Administration Tools and enable it through Programs and Features.

See Triaging Exchange Performance Issues Related to Active Directory

© 2023 Foray, LLC - All Rights Reserved