How can I tell if msDS-PrincipalName attribute is populated
search cancel

How can I tell if msDS-PrincipalName attribute is populated

book

Article ID: 176422

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced CASB Securlet SAAS

Issue/Introduction

During SpanVA installation it is possible to specify what attribute is used as Secondary ID for directory sync (DSS) imported users.  

msDS-PrincipalName is the default attribute for SecondaryID and needs to have valid data.

Resolution

  1. Login to Active Directory server
     
  2. Open "Active Directory Users and Computers"
     
  3. Right click a user and click on "Properties"


     
  4. Go to the Attribute Editor tab


     
  5. Click the Filter button and check "Show only attributes that have values" and "Constructed"


     
  6. Find msDS-PrincipalName in alphabetical order and verify the data it is populated with.  If it is not displayed then it does not have a value assigned to it
    msDS-PrincipalName  EXAMPLE\USER

Additional Information

Example of a Secondary User ID synced to CloudSOC via SpanVA DSS (Domain is EXAMPLE)