Re: TMS new users not automatically pulling in user information

Gregory Brunn · ‎10-31-2017

I am running tms 15.5, when users first login they are added to the correct group but the firstname, lastname, and email address information needs to be populated manually. I also have ldap configured and can see run ldap sync when I link on users.

If a user does not input anything and I run the sync the firstname lastname and email address never populate, also I don't understand why the prompt for the user to insert this information in the first place exist if ldap sync is enabled.

Also when I test my lab sync it works, is this as designed behavior?

Patrick Sparkman · ‎10-31-2017

If the user's data is able to be imported from AD when they first login, than the prompt for the user to update their information will never appear, the only time a user will be prompted to update their account is when either the username, first name, last name, or email doesn't populate from AD.
Is the Windows server joined to your AD domain?
Can you verify if your Active Directory configuration is correct and is able to connect under Admin Tools > Configuration > Network Settings?

Gregory Brunn · ‎10-31-2017

Yeah
Tms is part of the domain, in the network
Active directory configuration says connected successfully when tested from the admin tools configuration,
So sounds like something is off, If I connect to ldap and the connection is successful and you are saying that the first time a user come into tms I should not get the pop off something is still wrong.
I have verified in the admin tools -> Configuration -> Network settings… even when I run a sync it says successful.
Any logs I can check?

Gregory Brunn · ‎11-01-2017

One thing I am seeing i my doamin is lab.com on the domain, while my users are all logging in with lab_it.

My domain in the ldap setting is lab.com I am assuming if the username showed as lab.com\greg then I wouldn't have the problem but since the users show as lab_it\greg it isn't exactly matching up, but authentication has no issues, does this sound like the source of my issue.

Patrick Sparkman · ‎11-01-2017

That could be the issue, because the accounts are created as domain\username. What happens if you change the "Ad Lookup Account - Domain" under Network Settings in TMS to be lab_it instead of lab.com?

Gregory Brunn · ‎11-01-2017

First thing I tried. Still fails, ldap connectivity test still past and everything still looks good. When do the test it still says connected to LAB.com instead of LAB_IT

Zac Colton · ‎11-01-2017

The DOMAIN\username that is displayed for each TMS user is of the NETBIOS form of the Windows Domain that the user is in. Do not confuse the NETBIOS Domain name and the FQDN of the Active Directory Domain. There could be a number of things that could affect the function of autoupdating user data from Active Directory, starting with the Active Directory configuration within TMS. There could also be some complexity of the Active Directory environment that you may be missing. For example, there could be a trust between to Active Directory Domains, and TMS can only be configured to point to one Active Directory environment.

Gregory Brunn · ‎11-01-2017

Good to know about the difference between the netbios name and the windows domain.

As far as I know there is no trust.

If my ldap configuration saves and test correctly I don't see how this could be a misconfiguration on this side. The service account created is a domain user with read only rights so it can view the whole structure.

Anything else you can point me to from a log standpoint or something to troubleshoot the issue deeper.

Zac Colton · ‎11-01-2017

Based on the initial input in this post thread, you should review the TMS diagnostic logs for errors/issues. If the Active Directory user data sync is set to specific schedule, you should review the scheduler service logs. For the manual run of the task to sync the user data, you should review the log-web logs. Even though the test function does not return an error when you save the settings, it does not mean that there is a misconfiguration. The misconfiguration could be based on what you have configured, and what your Active Directory environment is comprised of.