Active directory change, user setup not populating

(0) Share

Report

Posted on by Martin Haramburu

187

After moving a virtual machine deployment and changing its domain, I cannot link users to AD, neither on user setup nor in workflow setup.

I am local admin, and have AD operator permission.

I have the same question (0)

All responses (11)

Answers (1)

Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

I follow up this issue. I happened again, the ad lookup is not working. Anything else to try and debug this problem?

regards,

Was this reply helpful? Yes No
Derek Albaugh on at

Like (0)

Report

RE: Active directory change, user setup not populating

Great, thanks for sharing the resolution with the community.

I'm sure this will save someone else some time in a similar situation.

Have a great day.

Was this reply helpful? Yes No
Verified answer

Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

Derek:

we found the solution, I post for the benefit of all.

There were two clonned servers. they had the same sid.

So, on the terminal one, we run sysprep. That took it off the domain. After re-adding it to the domain, the other server (sql) started working ok, and the user lookup was resolved.

Thanks!.

Was this reply helpful? Yes No
Derek Albaugh on at

Like (0)

Report

RE: Active directory change, user setup not populating

Normally if everything is on and using the exact same domain, i.e. there is only one domain, there really isn't anything to setup other than you need to be logged onto the machine when using Dynamics GP, as a domain account with permissions to query the Active Directory users and groups.

You can look for these two logs which are generated if and when there is an issue with the Workflow Engine itself:

1. DynamicsGP_WorkflowGP.log

This log is found on the local user's TEMP directory, for the user that is logged into Dynamics GP. (i.e. C:\Users\(userID)\AppData\Local\Temp\ )

2. DynamicsGP_WorkflowGP.WorkflowEngine.log

This log is found on the SQL Server machine's Temp directory of the user running the SQL Server service. (i.e. C:\Users\MSSQLSERVER\AppData\Local\Temp )

If either of these get generated when you're attempting, but failing, to add domain users into the Workflow Maintenance window whether as a workflow manager, approver or alternate final approver, it may give more information as to what the issue is.

The only issue we've really seen, is when an AD user doesn't have a Display Name setup in the AD user account properties, the domain name will show up in People & Groups, but when clicking OK to add it to Workflow, it doesn't show up in the GP window, but in your case, it doesn't even display the domain user name in the People & Groups window, nor can you manually add it and find it.

Thanks

Was this reply helpful? Yes No
Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

I follow up my previous answer:

the domain administrator logged with sa got the same results.

Also I configured in SQL a linked server to inspect the domain users.

I could successfully query ADSI (with my domain account) to get all users and I am in the same OU as administrator.

just to try I could not add this user either.

it must be some restriction in the way that GP is querying the active directory?

Was this reply helpful? Yes No
Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

Hi Derek:

just to clarify: version 2018 R2.

1. yes, the sql machine is in the same domain.

2. i will ask IT.

3. yes. I can browse AD, and add any user and set permissions. no problem.

4. i will ask IT.

5. ok, I re-ran it. (i have done it before). Results:

Configuration option 'clr enabled' changed from 1 to 1. Run the RECONFIGURE statement to install.

Warning: The Microsoft .NET Framework assembly 'system.directoryservices, version=4.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a, processorarchitecture=msil.' you are registering is not fully tested in the SQL Server hosted environment and is not supported. In the future, if you upgrade or service this assembly or the .NET Framework, your CLR integration routine may stop working. Please refer SQL Server Books Online for more details.

Warning: The Microsoft .NET Framework assembly 'system.runtime.serialization, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089, processorarchitecture=msil.' you are registering is not fully tested in the SQL Server hosted environment and is not supported. In the future, if you upgrade or service this assembly or the .NET Framework, your CLR integration routine may stop working. Please refer SQL Server Books Online for more details.

Warning: The Microsoft .NET Framework assembly 'smdiagnostics, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089, processorarchitecture=msil.' you are registering is not fully tested in the SQL Server hosted environment and is not supported. In the future, if you upgrade or service this assembly or the .NET Framework, your CLR integration routine may stop working. Please refer SQL Server Books Online for more details.

Warning: The Microsoft .NET Framework assembly 'system.web, version=4.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a, processorarchitecture=amd64.' you are registering is not fully tested in the SQL Server hosted environment and is not supported. In the future, if you upgrade or service this assembly or the .NET Framework, your CLR integration routine may stop working. Please refer SQL Server Books Online for more details.

....etc.

Was this reply helpful? Yes No
Derek Albaugh on at

Like (0)

Report

RE: Active directory change, user setup not populating

The SQL service account is only used during the actual Workflow processing, for just adding domain users via the People & Groups window and/or adding an AD user to a GP login in the User Setup, it's actually using the permissions that your Windows account has, that you're logged onto the machine as.

To verify:

>The users you're trying to add are on the same domain that the SQL Server is on, as well as the machine you're logged onto when accessing Dynamics GP?

>By default, Dynamics GP is mainly tested with domain users under 'Active Domain Users and Computers' > Users. If you have domain users that are under multiple layers/organizational units in the Active Directory, your account must have permissions to at least read each one of those layers/levels, otherwise Dynamics GP won't find the user.

>On the same machine as Dynamics GP is installed onto, if you create a new folder on the Windows desktop, are you able to add these domain users to it to give security to, as a test, or do you see the same issue where you cannot add domain users there either, which would show whether the issue is related to Dynamics GP or something bigger.

>If you logon to the machine as THE domain administrator, i.e. DomainName\Administrator, then login to Dynamics GP as 'sa', can you then add domain users into the Workflow Maintenance window or User Setup window, or still not?

>You can try running the 'EXEC wfDeployClrAssemblies' script against your DYNAMICS/system database to drop and re-create the assemblies, functions, procedures that are used by Workflow, then once it runs successfully, log back into Dynamics GP and test adding domain users into the GP application.

I'd take a look at the above and see if this shows us anything or helps narrow to what the potential cause could be.

Thanks

Was this reply helpful? Yes No
Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

yes. I tried. also with full domain name, and also with account@domain

no success.

Was this reply helpful? Yes No
Mike Bufano 1,484 on at

Like (0)

Report

RE: Active directory change, user setup not populating

So did you try typing in the domain and user?

I have had success with this for clients where the lookup does not work.

You can get the value by typing whoami from the user workstation. The result will be domain\userid

Was this reply helpful? Yes No
Martin Haramburu 187 on at

Like (0)

Report

RE: Active directory change, user setup not populating

I changed the service account of SQL to a domain account (it was local account default), and restarted server. then logued again to GP with sa, logued in windows as the same user running sql. This domain user also set as system admin rights on sql. Chequed with IT, this user has operator role in domain.

Also I could successfully change admin user in Management reporter and added several domain users.

But it still not finding users.

any other ideas to try?

regards,

Martin

Was this reply helpful? Yes No