There are multiple versions of Active Directory configuration and maintenance on the customer's environment. This can cause problems in TCA as it tries to locally import all the AD users and groups.

2.x

1. Active Directory MaxPageSize configuration:  This configuration on the Active Directory server controls the number of objects to be returned in an LDAP/AD Query, the default is 1000. Causing TCA to only import the returned 1000 objects.
   
   
2. Size of Data synced:  The Active Directory Server can have more than 100000 objects, when an import is api called, it is network intensive, and returning all the objects in a single API call may time out the API call.
   
   
3. Malformed AD Object:  The Active Directory Server can have an object which is misconfigured according to the Active Directory specification, which can cause the import to fail.
   
   
4. Refer the following kb article discovered on TCA 3.1.1: Ignoring misconfigured users on Customer AD. 

TCA disables the import of AD users and groups, and communicates with the AD for determining user's group membership.

Patch TCA via the following steps:

1. Download the relevant patch JAR files from the keycloak-2.3-patch-jars.zip file:
   1. the 3 files included in the zip are:

      1. hybridity-appliance-management-0.1.0.war

      2. web-server-0.1.0.war

      3. keycloak-adapter-1.0.jar
         
         

2. Copy the JAR files to TCA Manager Shell as follows:

   SCP Files

   scp hybridity-appliance-management-0.1.0.war admin@<tca-m-ip>:/opt/vmware/hybridity-appliance-management-0.1.0.war scp web-server-0.1.0.war admin@<tca-m-ip>:/opt/vmware/web-server-0.1.0.war scp keycloak-adapter-1.0.jar admin@<tca-m-ip>:/opt/vmware/Adapters/1.0/keycloak-adapter-1.0.jar scp keycloak-adapter-1.0.jar admin@<tca-m-ip>:/opt/vmware/Services/workflow_service_1.0/keycloak-adapter-1.0.jar

3. Restart the relevant services

   Restart Services

   sudo systemctl restart tca-keycloak sudo systemctl restart appliance-management sudo systemctl restart web-engine

4. Clean up the imported users and groups

   1. Inside the TCA Manager SSH terminal, log into the DB Postgres shell as follows:

      Postgres Shell

      export PGPASSWORD=$(cat /common/pgsql/passwords/keycloak_user) && psql -U keycloak_user keycloak

   2. Delete Imported Groups via the following 2 queries:

      Postgres Delete groups data

      keycloak=> delete from "group_attribute"; DELETE 53 keycloak=> keycloak=> delete from "keycloak_group"; DELETE 53

5.  The TCA user should be able to configure Active Directory on appliance management successfully.