
How to troubleshoot users with an invalid user anchor in Active Directory

When a user in eADM lacks a valid user anchor, changes and group memberships from eADM will not be communicated to Active Directory (AD). You can identify this issue when the user's anchor value is either missing or is not a valid objectGUID.


How to Identify an Invalid User Anchor

You can check the "Anchor" column in the user list.

  • Invalid Anchor: The value in the "Anchor" column is missing or has the same value as the user's internal eADM ID.

    • Id: 278540

    • Anchor: 278540

  • Valid Anchor: The value in the "Anchor" column is a valid Globally Unique Identifier (GUID).

    • Id: 171381

    • Anchor: 9366034e-c04b-4523-8943-ef49d38ce994


Troubleshooting Checklist

Follow these steps to troubleshoot and fix users with an invalid user anchor.

1. Check for Duplicate Users in AD

First, verify that a duplicate account for the user does not exist in Active Directory.

2. Verify User Attributes

Ensure that the user has the correct employee number and/or national identity number in the ansattID and ansattNummer attributes in AD. These are the unique identifiers eADM uses to match users with existing AD accounts.

3. Check for AD Object Protection

The AD user object must not be protected from accidental deletion. This setting must be disabled for eADM to merge, update, and move users, groups, and OUs in AD.

You can find this setting in the user's Properties -> Object tab in "Active Directory Users and Computers."

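Note: To remove this protection flag from multiple users at once, you can use the following PowerShell script. It clears the flag on every object under the SearchBase (users, groups, and OUs, including the base OU itself), so set SearchBase to the OU you intend to change.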

Get-ADObject -Filter * -SearchBase 'OU=TestOU, DC=Vision, DC=local' | `
ForEach-Object -Process {
    Set-ADObject -Identity $_ -ProtectedFromAccidentalDeletion $false
}

4. Confirm the Organizational Unit (OU) Path

Check that the user is located in an OU that is covered by the MergePath in the c:\eadm\eadm.client.exe.config file.

<add key="MergePath_N0961381630" value="OU=Groups|OU=Users"/>

Note: The path should only contain OUs. You do not need to include the DC (Domain Component) part of the path, as this is defined in the Domain setting.
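
The four checklist steps above as a read-only pre-check for a single user, written in PowerShell as an added example (not Identum's or this page's own code). It assumes the ActiveDirectory module is installed, that ansattNummer holds the employee number, and that a MergePath entry also covers the OUs below it; the function names and sample values are hypothetical.

```powershell
# Added example: read-only checks, nothing in AD is modified.
Import-Module ActiveDirectory

function Test-MergePathCoverage {
    # True when the object's parent container is one of the MergePath OUs or lies below one.
    # Assumption: MergePath entries are '|'-separated and relative to the domain DN.
    param([string]$DistinguishedName, [string]$MergePath, [string]$DomainDN)
    # Drop the leaf RDN (split on the first unescaped comma) to get the parent container.
    $parent = ($DistinguishedName -split '(?<!\\),', 2)[1]
    foreach ($ou in ($MergePath -split '\|')) {
        $base = "$($ou.Trim()),$DomainDN"
        $below = $parent.EndsWith(",$base", [System.StringComparison]::OrdinalIgnoreCase)
        if ($parent -ieq $base -or $below) { return $true }
    }
    return $false
}

function Test-EadmAnchorPrerequisites {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        # Restricting the characters keeps the value safe to embed in the -Filter string.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]+$')][string]$EmployeeNumber,
        [Parameter(Mandatory)][string]$MergePath
    )
    $domainDN = (Get-ADDomain).DistinguishedName
    $user = Get-ADUser -Identity $SamAccountName -Properties ansattNummer, ProtectedFromAccidentalDeletion
    # Step 1: other accounts carrying the same employee number are duplicate candidates.
    $sameNumber = @(Get-ADUser -Filter "ansattNummer -eq '$EmployeeNumber'")
    $others = @($sameNumber | Where-Object { $_.ObjectGUID -ne $user.ObjectGUID })
    [pscustomobject]@{
        User                  = $user.DistinguishedName
        ObjectGuid            = $user.ObjectGUID   # compare with the Anchor column after the restore
        DuplicateCandidates   = $others.Count                             # step 1
        EmployeeNumberMatches = ($user.ansattNummer -eq $EmployeeNumber)  # step 2
        ProtectedFromDeletion = $user.ProtectedFromAccidentalDeletion     # step 3
        InMergePath           = Test-MergePathCoverage $user.DistinguishedName $MergePath $domainDN  # step 4
    }
}

# Constructed sample values; MergePath is copied by hand from eadm.client.exe.config.
Test-EadmAnchorPrerequisites -SamAccountName 'jdoe' -EmployeeNumber '10042' -MergePath 'OU=Groups|OU=Users'
```

A user is ready for Restore User Anchor when DuplicateCandidates is 0, EmployeeNumberMatches and InMergePath are True, and ProtectedFromDeletion is False.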


Resolving the Issue

  1. After you have verified all the points in the checklist, run the Restore User Anchor function in eADM for the specific user.

  2. Next, either run a manual synchronization or wait for the next scheduled sync to run.

  3. Check the user's anchor value in eADM again.

Warning: If the anchor is still not correctly assigned after these steps, please send the log file from c:\eadm\logfiles to Identum support for further assistance.


Bulk Operations for Invalid Anchors

You can find all users who are missing a valid user anchor by navigating to the Synchronization Status page and clicking the "Objects with invalid user anchor" button (icon shown with a red arrow in the source document).

From this view, you can attempt to restore all invalid anchors at once.
