Importing AD logins with the AD Logins Source option (System -> Users -> Data Sources in the Enforce Console) fails, and the following error appears in the Tomcat localhost log:
com.vontu.enforce.domainlayer.datauser.source.UserSynchFailedException: AD default domain partition not found
at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.initializeUserWalker(DirectoryGroupMemberRetriever.java:180)
at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:147)
at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(DirectoryGroupMemberRetriever.java:142)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveFromAConnection(DirectoryGroupMemberRetriever.java:142)
at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveDirectoryGroupMembers(DirectoryGroupMemberRetriever.java:105)
at com.vontu.enforce.domainlayer.adroles.RolesSyncingService.sync(RolesSyncingService.java:107)
at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.lambda$performFullSync$0(DataUserSyncService.java:98)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.performFullSync(DataUserSyncService.java:98)
at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask.run(DataUserSyncTask.java:80)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
DLP Versions: 15.7 - 15.8
Cause: the import code looks up the domain's NETBIOS name (the nETBIOSName attribute, documented at the link below). That attribute is not available through a Global Catalog query, so when the Directory Connection points at the Global Catalog port the lookup returns nothing and the full sync aborts with the "AD default domain partition not found" error above.
Workaround: In the Enforce Console, edit the Directory Connection and change the port from the Active Directory Global Catalog port 3268 to the standard LDAP port: 389 for an unencrypted connection or 636 for LDAPS. Prefer 636 where the domain controller presents a certificate the Enforce server trusts; a simple bind over 389 sends the service account password across the network in clear text. Note that, unlike the Global Catalog, a standard LDAP connection only searches the partition of the domain you connect to, so in a multi-domain forest point the connection at a domain controller of the domain that holds the accounts being imported.
https://docs.microsoft.com/en-us/windows/win32/adschema/a-netbiosname
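The following PowerShell diagnostic is an added example, not part of the Symantec article or the DLP product. It reproduces the lookup the cause describes (RootDSE for the default naming context, then the domain's crossRef object under CN=Partitions for its nETBIOSName) against the same domain controller over the Global Catalog port and the standard LDAP port, so you can confirm which port actually returns the attribute before changing the Directory Connection. It assumes a domain-joined Windows host, an account allowed to read the Configuration partition, and a hypothetical server name dc01.corp.example.com; the function and parameter names are the example's own.

```powershell
# Added diagnostic (not Symantec DLP code). Assumes a domain-joined Windows host and a
# caller that can read the Configuration partition of the target forest.
Add-Type -AssemblyName System.DirectoryServices

function Get-DomainNetbiosName {
    param(
        [Parameter(Mandatory)][string]$Server,      # DC or GC host name, e.g. dc01.corp.example.com (assumed)
        [Parameter(Mandatory)][int]$Port,           # 389 (LDAP), 636 (LDAPS) or 3268 (Global Catalog)
        [pscredential]$Credential                   # omit to bind as the logged-on user
    )
    $result = [ordered]@{
        Server      = $Server
        Port        = $Port
        DefaultNC   = $null
        NetbiosName = $null
        Error       = $null
    }
    try {
        # Secure = Negotiate (Kerberos/NTLM) bind; 636 additionally needs the SSL flag,
        # DirectoryEntry does not infer TLS from the port number alone.
        $authType = [System.DirectoryServices.AuthenticationTypes]::Secure
        if ($Port -eq 636) {
            $authType = $authType -bor [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
        }
        $user = if ($Credential) { $Credential.UserName } else { $null }
        $pass = if ($Credential) { $Credential.GetNetworkCredential().Password } else { $null }

        # Step 1: RootDSE tells us the default domain partition and the configuration partition.
        $rootDse = New-Object System.DirectoryServices.DirectoryEntry(
            "LDAP://${Server}:${Port}/RootDSE", $user, $pass, $authType)
        $defaultNc = [string]$rootDse.Properties['defaultNamingContext'].Value
        $configNc  = [string]$rootDse.Properties['configurationNamingContext'].Value
        $result.DefaultNC = $defaultNc
        if (-not $defaultNc) { throw "RootDSE returned no defaultNamingContext" }

        # Step 2: the NETBIOS name lives on the crossRef object whose nCName is the domain
        # partition, under CN=Partitions in the Configuration partition.
        $partitions = New-Object System.DirectoryServices.DirectoryEntry(
            "LDAP://${Server}:${Port}/CN=Partitions,$configNc", $user, $pass, $authType)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($partitions)
        $searcher.Filter = "(&(objectClass=crossRef)(nCName=$defaultNc))"
        $searcher.SearchScope = 'OneLevel'
        [void]$searcher.PropertiesToLoad.Add('nETBIOSName')
        $hit = $searcher.FindOne()
        # SearchResult property names are returned lower-cased.
        if ($hit -and $hit.Properties['netbiosname'].Count -gt 0) {
            $result.NetbiosName = [string]$hit.Properties['netbiosname'][0]
        }
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Usage: query the same host over the GC port and the LDAP port and compare.
# An empty NetbiosName (or an error) on 3268 alongside a populated one on 389/636
# is the condition the article's workaround addresses.
$dc = 'dc01.corp.example.com'   # assumed host name, replace with your DC
foreach ($port in 3268, 389, 636) {
    Get-DomainNetbiosName -Server $dc -Port $port
} | Format-Table -AutoSize
```

If the 636 row reports a certificate or "server is not operational" error while 389 succeeds, the domain controller's LDAPS certificate is not trusted by the host running the check; fix that trust before switching the Enforce Directory Connection to 636 rather than falling back to 389.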