A query against an Active Directory user or group returns 0 results, even though the users are visible when creating the query and the Directory Synchronization task has run.
Use the 'cmdirmgr' command below from the Command Prompt on the Domain/Enterprise Manager to force a complete synchronization with LDAP.
cmdirmgr update -d:<directory name> -a:<authority>
The directory is the domain name.
The authority is the prefix you use to log in to your computer through Active Directory, as in "authority\username".
For example:
Your domain is "domain1.com".
Your authority is "test-a01" (meaning you log on to your computer with "test-a01\username").
NOTE: 'domain1.com' will usually work in place of the authority as well if the authority is not known.
The command you would use is:
cmdirmgr update -d:domain1.com -a:test-a01
The command should result in output like the following:
Directory Name : ca.com
Server Name : ldapServer.domain1.com
Base DN : DC=domain1,DC=com
Schema Name : 'SchemaNameUsed during Directory sync'
Authorities : test-a01
User Filter :
If you see this message, you should now be able to run the same query against Active Directory in the DSM Explorer, and the results should be returned as desired.
**Please note that this command will fail with the error "Could not locate the directory 'domain.com'" if the 'Directory Synchronization Wizard' has not been run yet.**
To get a listing of the full usage of the "cmdirmgr update" command, run the command "cmdirmgr update help".
Below is the usage of the command from the help output:
-d:directory Name of the directory. e.g "-d:ca.com"
-a:authorities comma seperated authorities list "-a:tant-a01,eunt-a01"
-m:macros comma seperated marcos list e.g "-m:$HOSTNAME$=^.+://(.[^/]*)/?.
-u:user_filter user query filter string e.g "-u:(&(objectClass=$USER_MAP$)(use
-c:computer_filter computer query filter string e.g "-c:(&(objectClass=$COMPUTE
-r:manager manager machine name e.g "-r:dsm_mgr1"
by default local manager is used