Sign In
Problem
When attempting to add users to the Employee List from Active Directory, the error 'Could not get Extended AD info' appears.
Error Message
[#430255] An error occurred while importing a custodian
Could not get Extended AD info - [#100000] ADS Crawler error: Catalog server matching the user DN does not exist: CN=John Doe,OU=Users,DC=XYZ,DC=COM
Cause
Either the domain(s) to crawl have been entered incorrectly, or the Global Catalog cannot be reached.
Solution
Two step resolution:
First; determine which domains need to be crawled.
Second; point the program to query the correct Domain Controllers for each domain that is crawled.
Domains to Crawl:
Use the DC section of the error to determine what needs to be placed in the Domains to crawl:
Example: DC=XYZ,DC=COM (from the error) results in xyz.com to be placed in the Domains to crawl.
(System | Email Servers | Active Directory | 1. Domains to crawl)
By default do not include an Administrator to the Domain information. The account used to start the Symantec/Clearwell application will be used to query Active Directory.
Domain Controller:
(By default, up to three Domain Controllers can be identified)
Option 1:
Use ADSCrawler_output logs to determine what server to use in the ESA property:
esa.adscrawler.preferred_dc
- Examine the ADSCrawler logs for:
INFO DSCrawlerService - Processing Domain: DC=TEST,DC=LOCAL
INFO DSCrawlerService - Binding to domain controller: cwlabdc01234.test.local
Repeat for each Domain to Crawl.
From the above example, the setting would be:
dc=test,dc=local:cwlabdc01234.test.local
Option 2:
Use LDP.exe to determine what server to use in the ESA property:
esa.adscrawler.preferred_dc
1. Logon to the Clearwell appliance.
2. If necessary, install 'Active Directory Lightweight Directory Services'
- Open Server Manager
- Add Roles
- Select 'Active Directory Lightweight Directory Services'
(do not restart the server or services)
3. Start | Run | ldp.exe
4. From LDP utility: Connection | Bind | 'Bind with credentials'
5. If possible, use the failing users credentials otherwise use a Symantec/Clearwell account.
6. The last line will note if the Authentication was successful
Authenticated as: 'XYZ\JohnDoe'
7. Scroll up to the line:
ldapServiceName: xyz.com:xyzdc001$@XYZ.COM
The ESA property esa.adscrawler.preferred_dc value would be:
dc=xyz,dc=com:xyzdc001
Note: additional domain controllers can be added by separating the entries with a ;
Example: dc=xyz,dc=com:xyzdc001;dc=xyz,dc=com:xyzdc002;dc=xyz,dc=com:xyzdc003
How to modify ESA property settings:
1. Logon to the web page using an account with System Administrator rights
2. Select System | Support Features | Property Browser
3. Modify the following fields: (case sensitive)
Name of property to change: (insert the esa property)
New value (leave blank to remove): (insert the value)
4. Check: Confirm change. Are you sure?
5. Press Submit
Services do not need to be restarted.
Terms of use for this information are found in Legal Notices.
