Unable to import users from Active Directory using LDAP


This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange
  • WebMarshal

Symptoms:

  • Unable to import users from Active Directory using LDAP.
  • An LDAP connection to Active Directory does not import some or all users from a group. The group may be empty, or some users may not be imported. This is noticeable when importing the Domain Users group.
  • There are no errors in the Event Log or the MailMarshal Controller log file.

Causes:

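When using LDAP, the connectors query Active Directory for the Members attribute of the group, not the PrimaryGroupID attribute. Membership in a user's Primary Group is recorded in the PrimaryGroupID attribute of the user object and not in the Members attribute of the group, so users whose Primary Group is the group being imported are not returned. Microsoft recognizes that this can create issues reporting some groups.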
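The following added example (not part of the original article or the product's code) shows the gap on a constructed in-memory directory: it compares a group's listed members with the users tied to it only through primaryGroupID, and builds the LDAP filter that finds them. The domain, user names, the Mail Users group and its RID 1105 are assumptions made for illustration; `member` is the LDAP name of the group's member list.

```python
import struct

def make_sid(*subauths):
    """Build a binary S-1-5-... SID (used only to construct sample data)."""
    head = bytes([1, len(subauths)]) + (5).to_bytes(6, "big")
    return head + b"".join(struct.pack("<I", s) for s in subauths)

def rid_from_sid(sid):
    """Return the RID, the last 32-bit sub-authority of a binary objectSid."""
    count = sid[1]
    if count == 0 or len(sid) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    return struct.unpack_from("<I", sid, 8 + 4 * (count - 1))[0]

# Constructed sample directory (hypothetical domain and names).
DOM = (21, 1111111111, 2222222222, 3333333333)
BASE = "CN=Users,DC=example,DC=test"
ALICE, BOB, CAROL = (f"CN={n},{BASE}" for n in ("alice", "bob", "carol"))
DOMAIN_USERS, MAIL_USERS = f"CN=Domain Users,{BASE}", f"CN=Mail Users,{BASE}"
GROUPS = {
    # A group's member list never contains users for whom it is the primary group.
    DOMAIN_USERS: {"objectSid": make_sid(*DOM, 513), "member": [CAROL]},
    MAIL_USERS: {"objectSid": make_sid(*DOM, 1105), "member": [ALICE]},
}
USERS = {ALICE: 513, BOB: 513, CAROL: 1105}  # user DN -> primaryGroupID

def listed_members(group_dn):
    """What a query of the group's member attribute returns."""
    return set(GROUPS[group_dn]["member"])

def primary_members(group_dn):
    """Users tied to the group only through primaryGroupID."""
    rid = rid_from_sid(GROUPS[group_dn]["objectSid"])
    return {dn for dn, pgid in USERS.items() if pgid == rid}

def primary_group_filter(group_dn):
    """LDAP filter that finds the users a member-only import would miss."""
    rid = rid_from_sid(GROUPS[group_dn]["objectSid"])
    return f"(&(objectCategory=person)(objectClass=user)(primaryGroupID={rid}))"

if __name__ == "__main__":
    for g in GROUPS:
        print(g, "missed:", sorted(primary_members(g) - listed_members(g)))
        print("  find them with:", primary_group_filter(g))
```

Running the returned filter against the directory before an import lists the accounts that need the workaround described below.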

Resolution:

Import groups using the Active Directory connector type. This connector avoids the limits imposed by LDAP connectors.

AD import is available in current supported versions of the named products.

Workaround:

To import the information using LDAP, create a new user group (or groups) that is not set as the Primary Group. Make the required users members of this group. The new group can then be imported into MailMarshal using LDAP.

An alternative is to change the users' Primary Group. Set the Primary Group to a group that you do not need or want to import.

This article was previously published as:
NETIQKB29514
Marshal KB313

Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10777.aspx