When running a query against an Active Directory user or group, it returns 0 results, even though the users are visible when creating the query?

Document ID : KB000050924
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When running a query against an Active Directory user or group, it returns 0 results, even when the users are visible when creating the query, and the Directory Synchronization task has run.

Solution:

Use the 'cmdirmgr' command below from the Command Prompt on the Domain/Enterprise Manager to force a complete synchronization with LDAP.

cmdirmgr update -d:<directory name> -a:<authority>

The directory is the domain name.

The authority would be the prefix you use to log in to your computer through active directory.

For example "authority\username"

For example

Your Domain "domain1.com"
Your Authority is "test-a01" (Meaning you log onto your computer with "test-a01\username".)

NOTE: 'Domain1.com' will usually work in place of the authority as well if the authority is not known.

The command you would use is:
      cmdirmgr update -d:domain1.com -a:test-a01
The command should result
       Operation Successful   
       ----------------------------------------------   
       Directory Name : ca.com  
       Server Name    : ldapServer.domain1.com   
       Base DN        : DC=domain1,DC=com   
       Schema Name    : 'SchemaNameUsed during Directory sync'   
       Authorities    : test-a01   
       Macros         :   
       User Filter    :   
       Computer Filter:  

If you see this message you should now be able run the same query against active directory in the DSM Explorer and the results should return as desired.

**Please note that this command will fail with error "Could not locate the directory 'domain.com'if the 'Directory Synchronization Wizard' has not been run yet.**

Command usage:

To get a listing of the full usage of the "cmdirmgr update" command run the command "cmdirmgr update help"

Below is the usage of the command from the help output:

    mandatory parameters:  
    -d:directory Name of the directory. e.g "-d:ca.com"       
    -a:authorities comma seperated authorities list "-a:tant-a01,eunt-a01"  
    optional parameters: 
    -m:macros comma seperated marcos list e.g "-m:$HOSTNAME$=^.+://(.[^/]*)/?.   
    *, $ACCOUNTNAME$=^.+://.[^/]*/?(.*)"       
     -u:user_filter user query filter string e.g "-u:(&(objectClass=$USER_MAP$)(use   
    rCN=$ACCOUNTNAME$))"       
     -c:computer_filter computer query filter string e.g "-c:(&(objectClass=$COMPUTE   
    R_MAP$)(assetCN=$ACCOUNTNAME$))"       
     -r:manager manager machine name e.g "-r:dsm_mgr1"   
    by default local manager is used