Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Archiving and eDiscovery Community Blog

Using LDAP queries in Enterprise Vault Provisioning Groups - The Query did not return any results.

Created: 28 Jul 2009 • Updated: 29 May 2014 • 2 comments
John Chisari's picture
+2 2 Votes
Login to vote

This was an interesting one that came up a couple of days ago. Simple, but hope it stops someone pulling their hair out.

EV Provisioning Groups allow you to input a LDAP Query to target users using any AD attribute or a combination of attributes - very flexible solution.

So for example, you setup a 0 day Age based Mailbox policy and you want to target Temp Employees only. You have the AD attribute employeeType populated with 'Temp' for these specific users.

When you add the LDAP query 'employeeType=Temp' - EV will respond back with "The Query did not return any results". Hang on, this query works fine in AD User and Computers and other LDAP query tools, why doesn't EV see it? It is because EV queries a Global Catalog server for this information and by default the employeeType attribute is not replicated from the AD to the GC. The EV tasks also query GC's for information, so this is why Provisioning Group target setup is done the same way.

So how to get this replicated?

Follow this MS Article technet2.microsoft.com/windowsserver/en/library/42ae2845-a7aa-4f02-8944-175f6541125f1033.mspx and select the employeeType attribute. Wait a few minutes - usually between 15-30 minutes, maybe longer for larger environments.

Comments 2 CommentsJump to latest comment

TonySterling's picture

Great stuff John!  Thanks for posting.

-1
Login to vote
mashles's picture

Nice, although it is not necessary to have it replicated to the GC. In the provisioning group LDAP query screen there is a field called "Query Root", you will notice by default it starts with GC://, if you change this to LDAP:// then you can use non-GC attributes for your provisioning group LDAP queries.

+1
Login to vote