The following troubleshooting steps may be used if a Password Sync event is not finding the target to synchronize to:
Verify join data
Password synchronization only supports direct joins, not transitive joins, so inspect the problem account to verify the joins are present. In version 7.1 and newer the join editor in the time traveler may be used, for older versions use the rule tester:
Verify account name case
There is a known issue in versions 6.4.6 and lower when the user's sAMAccountName contains mixed-case characters. The AD password filter returns values in lower-case, which can cause a failure of the case-sensitive sAMAccountName query. To see if this is impacting, inspect sAMAccountName in the time traveler and verify if it has upper-case characters.
Check targets directly
The following javascript snippet may be run from developer tools in Identity Panel to directly query the API endpoint that identifies password targets:
helpers.rest.post('passwordsync/<AD Silo Id>', { Data: ['<sAMAccountName>']},
function (r) { console.log(r); });
Comments
0 comments
Please sign in to leave a comment.