When running a query against an Active Directory user or group, it returns 0 results, even though the users are visible when creating the query?


Article ID: 50924


Updated On:


CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager CA Server Automation



When running a query against an Active Directory user or group, it returns 0 results, even when the users are visible when creating the query, and the Directory Synchronization task has run.


Use the 'cmdirmgr' command below from the Command Prompt on the Domain/Enterprise Manager to force a complete synchronization with LDAP.

cmdirmgr update -d:<directory name> -a:<authority>

The directory is the domain name.

The authority would be the prefix you use to log in to your computer through active directory.

For example "authority\username"

For example

Your Domain "domain1.com"
Your Authority is "test-a01" (Meaning you log onto your computer with "test-a01\username".)

NOTE: 'Domain1.com' will usually work in place of the authority as well if the authority is not known.

The command you would use is:
      cmdirmgr update -d:domain1.com -a:test-a01
The command should result
       Operation Successful   
       Directory Name : ca.com  
       Server Name    : ldapServer.domain1.com   
       Base DN        : DC=domain1,DC=com   
       Schema Name    : 'SchemaNameUsed during Directory sync'   
       Authorities    : test-a01   
       Macros         :   
       User Filter    :   
       Computer Filter:  

If you see this message you should now be able run the same query against active directory in the DSM Explorer and the results should return as desired.

**Please note that this command will fail with error "Could not locate the directory 'domain.com'if the 'Directory Synchronization Wizard' has not been run yet.**

Command usage:

To get a listing of the full usage of the "cmdirmgr update" command run the command "cmdirmgr update help"

Below is the usage of the command from the help output:

    mandatory parameters:  
    -d:directory Name of the directory. e.g "-d:ca.com"       
    -a:authorities comma seperated authorities list "-a:tant-a01,eunt-a01"  
    optional parameters: 
    -m:macros comma seperated marcos list e.g "-m:$HOSTNAME$=^.+://(.[^/]*)/?.   
    *, $ACCOUNTNAME$=^.+://.[^/]*/?(.*)"       
     -u:user_filter user query filter string e.g "-u:(&(objectClass=$USER_MAP$)(use   
     -c:computer_filter computer query filter string e.g "-c:(&(objectClass=$COMPUTE   
     -r:manager manager machine name e.g "-r:dsm_mgr1"   
    by default local manager is used 


Release: UASIT.99000-12.5-Asset Intelligence