LDAP User Sync not Bringing in Some Service Accounts but Does Others

jlaps · ‎05-21-2024

I need some help determining why some Service Accounts are syncing from AD in our user sync, but others are not. My LDAP AD guy can't see the difference between the accounts, and I am not sure where else to look. Tips?

the above svcCentrify account does sync with the above LDAP settings.

The below account however is not-

Neither I nor my AD guy can tell the difference between accounts that are and are not syncing. Any advice on how to test and figure this out?

Kieran Anson · ‎05-21-2024

If you remove the filter, do you then see the user account?

To compare, open the records up in the advanced LDAP view so you can see the Attribute editor. You can then validate the attributes of the AD object against the filter condition

View solution in original post

Mahathi · ‎05-21-2024

Hi @jlaps ,

Are you able to see the User account control attributes for them?

Sometimes the account control attribute can be a determining factor as per the filter given.

You can also check if there is any transform script written that is ignoring this particular record.

If this addresses your question, please mark it as helpful and accept it as the solution.

Thanks,
Mahathi

jlaps · ‎05-21-2024

User Account Control seems identical-

I dont see anything filtering this, though there are many being skipped... but I will have to dig deeper to be certain. Thank you!

Mahathi · ‎05-22-2024

@jlaps : Ultimately it was the user control attribute that caused the issue i believe. 🙂

The filter indeed had the user control attribute as a condition.

Kieran Anson · ‎05-21-2024

If you remove the filter, do you then see the user account?

To compare, open the records up in the advanced LDAP view so you can see the Attribute editor. You can then validate the attributes of the AD object against the filter condition