Hi,
We are using Active Directory for user auth. in our system. Recently a lot of users have changed/updated email addresses in AD. I wonder if this will get synced over at any time? Or if I have to trigger a sync manually?
BR
Jan-Terje Larsen
There is a scheduled task "Skyline DataMiner LDAP Resync" in the Windows Task Scheduler that performs a sync every hour, on the hour. You can manually trigger this task to see the changes reflected in DataMiner sooner. You can follow the progress in the C:\Skyline DataMiner\Logging\SLDataMiner.txt logfile, also available in Cube > System Center > Logging > DataMiner:
2021/02/11 07:25:34.600|SLDataMiner|1680|11276|CDataMiner::Handle_NT_REFRESH_LDAP|DBG|-1|NT_REFRESH_LDAP: Starting...
2021/02/11 07:25:34.775|SLDataMiner|1680|11276|CDataMiner::Handle_NT_REFRESH_LDAP|DBG|-1|NT_REFRESH_LDAP: Updating group 'DOMAIN\Group1'
2021/02/11 07:25:34.878|SLDataMiner|1680|11276|CDataMiner::Handle_NT_REFRESH_LDAP|DBG|-1|NT_REFRESH_LDAP: Updating group 'DOMAIN\Group2'
2021/02/11 07:25:34.943|SLDataMiner|1680|11276|CDataMiner::Handle_NT_REFRESH_LDAP|DBG|-1|NT_REFRESH_LDAP: No changes detected.
Note: according to the documentation on the LDAP/AD configuration changes should be reflected in realtime when using Active Directory, unless this has been disabled in the DataMiner.xml configuration file via <LDAP notifications="false" />
The C:\Skyline DataMiner\Logging\ActiveDirectory.txt logfile contains more detailed logging information (depending on the log levels). I would expect to see for example:
LdapConnection::LdapConnection|INF|3|Connected to the server.
LdapConnection::LdapConnection|INF|3|Successful bind.
LdapConnection::AddLDAPNotification|INF|3|Notification registration for
LdapConnection::AddLDAPNotification|INF|3|Registered for change notifications on
LdapConnection::AddLDAPNotification|INF|3|Got current state
CActiveDirectoryInfo::ProcessMessage|DBG|-1|Change [850921936] for distinguishedName
CActiveDirectoryInfo::ProcessMessage|DBG|-1|Change in class -user- : user = TRUE, group = FALSE
Hi Jan-Terje,
FYI, we’re looking to change the software so that we will no longer work with the notifications. This means that we will have only the hourly updates.
Thanks for pointing out this log as well.
When I logged on this morning I noticed my mail was changed. I’ve then modified the mail address of another user, and I could see in the logs that this was picked up quite soon after the change. While in System Center in my Cube Client it was not visible right away. It took some more minutes before it showed.
After all it seems everything is working ok, it was my patience that was to short.
Hi Jan-Terje,
The sync occurs every hour. You can find this configuration in the Task Scheduler:
Hi guys, on the topic I have a DMA that does not use authentication in Windows AD, so the question is can I disable this task in Windows or not?
The recommendation is keeping this task enabled. It will not clash and if you would ever integrate with an Active Directory, disabling this task would cause problems there.
Thanks a lot for your quick reply.
I can see the “NT_REFRESH_LDAP” entries in the log, on every hour.
And I do not find any LDAP entries in our DataMiner.xml file. So I guess that means changes should appear in realtime then?
Anyways, my users still have the old email addresses 🙁 What would be the next thing to check?