Employee List will not populate extended AD attributes on certain users
|Article:TECH200365|||||Created: 2012-12-01|||||Updated: 2014-12-02|||||Article URL http://www.symantec.com/docs/TECH200365|
When attempting to add users to the Employee List from Active Directory, the error 'Could not get Extended AD info' appears.
Could not get Extended AD info - [#100000] ADS Crawler error: Catalog server matching the user DN does not exist: CN=John Doe,OU=Users,DC=XYZ,DC=COM
Either the domain(s) to crawl have been entered incorrectly, or the global catalog cannot be reached.
Two step resolution:
First; determine which domains need to be crawled.
Second; point the program to query the correct Domain Controllers for each domain that is crawled.
Domains to Crawl:
Use the DC section of the error to determine what needs to be placed in the Domains to crawl:
Example: DC=XYZ,DC=COM (from the error) results in
By default do not include an Administrator to the Domain information. The account used to start the Symantec/Clearwell application will be used to query Active Directory.
(By default, up to three Domain Controllers can be identified)
Use ADSCrawler_output logs to determine what server to use in the ESA property:
- Examine the ADSCrawler logs for:
INFO DSCrawlerService - Binding to domain controller: cwlabdc01234.test.local
Repeat for each Domain to Crawl.
From the above example, the setting would be:
Use LDP.exe to determine what server to use in the ESA property:
1. Logon to the Clearwell appliance.
2. If necessary, install 'Active Directory Lightweight Directory Services'
- Open Server Manager
- Add Roles
- Select 'Active Directory Lightweight Directory Services'
(do not restart the server or services)
3. Start | Run | ldp.exe
4. From LDP utility: Connection | Bind | 'Bind with credentials'
5. If possible, use the failing users credentials otherwise use a Symantec/Clearwell account.
6. The last line will note if the Authentication was successful
7. Scroll up to the line:
Note: additional domain controllers can be added by separating the entries with a ;
How to modify ESA property settings:
1. Logon to the web page using an account with System Administrator rights
2. Select System | Support Features | Property Browser
3. Modify the following fields: (case sensitive)
Services do not need to be restarted.
Article URL http://www.symantec.com/docs/TECH200365