AD extended properties with asset import?

Tom_Hendricks
Asset Import looks like a great tool for retrieving extendedAttribute properties from AD and syncing them.  However, the AD User object requires Domain as part of its key, and it is not apparent how to get the Domain from an LDAP query, since it is not actually a user object attribute.

Is there a way to pass the domain in as a static string (similar to "Foo" as [ColumnName] in SQL)?  Is there another, better way to accomplish this?
Best Answer

Answers

  • Tom_Hendricks
    Many thanks!  I had a feeling the answer might be this simple, but it did not turn up in any of my searches yesterday.
  • Tom_Hendricks
    Back with another question.  It turns out that this does not work for syncing multiple domains--just the one that the server belongs to.  Specifying valid credentials in the target domain does not make %DOMAIN% refer to the desired domain, apparently.

    Is there a different variable that should be used, in that case?

    (Because it might be asked, the connector is successfully authenticating with the other domain, but the sync fails with "Did not find an existing Microsoft.AD.User - one or more keys are null, check input data around line or row XXXX".  This entry will be written for every single object that is returned by the LDAP query.)
  • Amarjit_Dhillon
    I am having the exact same problem. I'm also having the issue whereby I cannot search an OU that has 1000 or more users.

    Has anyone come across this before? The domain I am querying is set to display 5000 results for any LDAP queries.

  • Tom_Hendricks
    In all my testing, it seems that %DOMAIN% always refers to the domain of the server, not the credentials that are supplied.  I have not been successful querying multiple domains or forests like I would like to.  :neutral:

    I can tell you that I am querying a domain with far more than 1000 users also, and I do not see this behavior.  Are you only referring to the query results in the connector wizard?  Someone can correct me if I am wrong, but I think that it only shows a sample there.
  • Amarjit_Dhillon
    Hi Tom, that is right.

    I am referring to the query results in the connector wizard; it was coming up with "The size limit was exceeded".

    I was so confused with this.

    It is a shame that we cannot use %DOMAIN%. Do you know how I can specify my specific domain so that my connector will work?

    Thank you, Tom.

  • Amarjit_Dhillon
    Hi, I had logged a ticket to Cireson support and officially they have advised that LDAP queries will not work across domains. This is quite disappointing as I did not want to use SCORCH/Orchestrator. I have asked the question if the Cireson PowerShell APP would be a suitable approach for this scenario. I will keep you guys informed.
  • Amarjit_Dhillon
    I've had my ticket closed, saying that this is not supported and that I should raise a feature request, which I have done:

    https://community.cireson.com/discussion/comment/7531#Comment_7531