This article applies to:
- Trustwave MailMarshal (SEG)
- Trustwave ECM/MailMarshal Exchange
- WebMarshal
Symptoms:
- Unable to import users from Active Directory using LDAP.
- A LDAP connection to Active Directory does not import some or all users from a group. The group may be empty, or some users may not be imported. This is noticeable when importing the Domain Users group.
- There are no errors in the Event Log or the MailMarshal Controller log file.
Causes:
When using LDAP, the connectors query Active Directory for the Members attribute of the group, not the PrimaryGroupID attribute. Microsoft recognizes that this can create issues reporting some groups.
Resolution:
Import groups using the Active Directory connector type. This connector avoids the limits imposed by LDAP connectors.
AD import is available in current supported versions of the named products.
Workaround:
To import the information using LDAP, create a new user group (or groups) which is not set as the Primary Group. Make the required users a member of this group. The new group can then be imported into MailMarshal using LDAP.
An alternative is to change the users' Primary Group. Set the Primary Group to a group that you do not need or want to import.
- This article was previously published as:
- NETIQKB29514
- Marshal KB313