
AD Login Datasource failure


Article ID: 239517


Updated On:


Data Loss Prevention Core Package


When attempting to import AD logins with the AD Logins Source option on the System -> Users -> Data Sources page in the Enforce Console, it fails and the following error can be seen in the Tomcat localhost logs:


com.vontu.enforce.domainlayer.datauser.source.UserSynchFailedException: AD default domain partition not found
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.initializeUserWalker(
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever$1.doInTransaction(
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveFromAConnection(
 at com.vontu.enforce.domainlayer.adroles.DirectoryGroupMemberRetriever.retrieveDirectoryGroupMembers(
 at com.vontu.enforce.domainlayer.adroles.RolesSyncingService.sync(
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.lambda$performFullSync$0(
 at com.vontu.enforce.domainlayer.datauser.source.DataUserSyncService.performFullSync(
 at java.util.concurrent.Executors$
 at java.util.concurrent.ThreadPoolExecutor.runWorker(
 at java.util.concurrent.ThreadPoolExecutor$


The import code uses the NetBIOS name, which is not present in the Global Catalog, so the import fails.


DLP Versions: 15.7 - 15.8


Workaround: In the Enforce Console, change the Directory Connection port from the Active Directory Global Catalog port, 3268, to the LDAP port: 389 for insecure connections or 636 for secure connections.
