ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Specifying an Active Directory group in the Account Discovery section and launching discovery for an application configured as Windows Domain Service, I am getting "Missing distinguished name" why ?


Article ID: 14834


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


I have configured an application as a Windows Domain Service (WDS) and I have specified  a group in its Account Discovery/Groups section.

Afterwards I have tried to perform an account discovery, but I am always getting "Missing distinguished name" no matter what group and syntax I specify there. 

The account I am using for discovery works for LDAP to Access Manager integration.

What happens and how can I solve it ?

<Please see attached file for image>



Release: PAMDKT99500-2.7-Privileged Access Manager-NSX API PROXY


Whenever defining the account that will be used to perform discovery in the Password Management section of the product, it is necessary to specify in the Distinguished Name (DN) the DN for the account in active directory 


<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKgQAAW" alt="Application.jpg" width="889" height="660">


1558718252274000014834_sktwi1f5rjvs16uwc.jpeg get_app
1558718250291000014834_sktwi1f5rjvs16uwb.jpeg get_app