Troubleshoot Accounts and Attributes

The following topics provide help with troubleshooting account issues.

Allow Access to Account Attributes

AD Bridge Enterprise is compatible with Small Business Server 2003. However, because the server locks down several user account values by default, you must create a group in Active Directory for your Unix computers, add each AD Bridge Enterprise client computer to it, and configure the group to read all user information.

On other versions of Windows Server, the user account values are available by default. If, however, you use an AD security setting to lock them down, they will be unavailable to the AD Bridge Enterprise agent.

To find Unix account information, the AD Bridge Enterprise agent requires that the AD computer account for the machine running AD Bridge Enterprise can access the attributes in the following table.

Attribute Requirement

uid

Required when you use AD Bridge Enterprise in schema mode.

uidNumber

Required when you use AD Bridge Enterprise in schema mode.

gidNumber

Required when you use AD Bridge Enterprise in schema mode.

userAccountControl

Required for Directory Integrated mode and Schemaless mode. It is also required for unprovisioned mode, which means that you have not created an AD Bridge cell in Active Directory.

To allow access to account attributes:

  1. In Active Directory Users and Computers, create a group named Unix Computers.
  2. Add each AD Bridge Enterprise client computer to the group.
  3. In the console tree, right-click the domain, choose Delegate Control, click Next, click Add, and then enter the group named Unix Computers.
  4. Click Next, select Delegate the following common tasks, and then in the list select Read all user information.
  5. Click Next, and then click Finish.
  6. On the target Unix, Linux, or Mac computer, restart the AD Bridge Enterprise agent to reinitialize the computer account’s logon to Active Directory and to get the new information about group membership.
  7. Run /opt/pbis/enum-users to verify that you can read user information.

For more information, please see Storage Modes in the AD Bridge Installation Guide.