Active Directory troubleshooting tool - incoming user
This is a command-line tool that replicates the actions the EDC takes to find and populate an incoming user and their groups. The output is text showing the user's properties and the groups that were found.
There is a configuration file for the tool that contains the details on how to connect to the domain, and the details on what field mappings we are looking for.
How to use it
- Download the attached zip file (at the bottom of this page) to your web server.
- Extract the files.
- Update the file ORC.TF.AD.IncomingUserTest.exe.config with the domain, username and password for your environment.
- Open a PowerShell window in the extracted directory and run the command below:
.\ORC.TF.AD.IncomingUserTest.exe Domain Username
- Additional config options:
loadGroupMembership: This controls whether the test tool will try to load any of the user's groups.
enabledSteps: This controls which of the group membership methods to try.
step1 step2 step2pt1 step2pt2 step2pt2foreignuser step2pt2foreigngroups step3
step1: This will run the LDAP_MATCHING_RULE_IN_CHAIN query to find all of the groups the user belongs to in the current domain.
step2: This will run if the current user is not a user from the current domain, e.g. we are using the TF domain but the current user is from the ORC domain.
step2 must also be enabled for any of the following sub-steps to run.
step2Pt1: This is a search directly in the Other domain.
step2Pt2: This is a search using the Foreign Security Principal.
step2Pt2foreignuser: This is a search for groups that the user is a direct foreign member of e.g. an ORC user directly added to a TF group.
step2Pt2foreigngroups: This is a search in the current domain for groups that contain a group the user belongs to in the Other domain, e.g. an ORC group added to a TF group.
step3: This is the legacy step and will only run at this point if no groups have been found so far. This check recursively navigates through the details of the groups it discovers.
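To cross-check the tool's output by hand, the script below builds LDAP filters equivalent to what step1 and step2Pt2foreignuser are described as doing and can run them with System.DirectoryServices. It is an added example, not the tool's own code: the exact filters the tool sends are an assumption, and the DNs, SID, domain names and the helper names ConvertTo-LdapFilterValue and Find-GroupDn are constructed for illustration.

```powershell
# Added example, not the tool's code. All DNs, the SID and the domain are constructed.
$UserDn     = 'CN=Smith\, Jo (Admin),OU=Staff,DC=tf,DC=example'  # user in the current domain
$ForeignSid = 'S-1-5-21-1111111111-2222222222-3333333333-1104'   # user from the other domain
$DomainDn   = 'DC=tf,DC=example'                                 # current domain
$Server     = $null   # set to a domain controller host name to actually run the searches

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping, so a DN containing \ * ( ) cannot change the filter's structure.
    # The backslash is replaced first so the escapes added afterwards are not re-escaped.
    param([Parameter(Mandatory)][string]$Value)
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

function Find-GroupDn {
    # Runs the filter with the current logon credentials and returns the group DNs.
    param([string]$Server, [string]$BaseDn, [string]$Filter)
    $root     = [System.DirectoryServices.DirectoryEntry]::new("LDAP://$Server/$BaseDn")
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root, $Filter)
    $searcher.PageSize = 500   # paged search, so large result sets are not cut off
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    try {
        foreach ($r in $searcher.FindAll()) { $r.Properties['distinguishedname'][0] }
    }
    finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

# step1 equivalent: 1.2.840.113556.1.4.1941 is the OID of LDAP_MATCHING_RULE_IN_CHAIN,
# which makes the server walk nested membership and return direct and indirect groups.
$step1 = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))' -f
         (ConvertTo-LdapFilterValue $UserDn)

# step2Pt2foreignuser equivalent: a user from the other domain appears in the current
# domain as a Foreign Security Principal object named after the user's SID.
$fspDn = 'CN={0},CN=ForeignSecurityPrincipals,{1}' -f $ForeignSid, $DomainDn
$step2 = '(&(objectCategory=group)(member={0}))' -f (ConvertTo-LdapFilterValue $fspDn)

foreach ($filter in $step1, $step2) {
    "Filter: $filter"
    if ($Server) { Find-GroupDn -Server $Server -BaseDn $DomainDn -Filter $filter }
}
```

With $Server left as $null the script only prints the two filters, which can also be pasted into any LDAP browser pointed at the current domain.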