IDPA - Unable to configure LDAP/LDAPS in ACM UI with error "AD username doesn't match with any of AD user attributes userPrincipalName or sAMAccountName or distinguishedName."

Summary: Integrated Data Protection Appliance (IDPA) - Unable to configure LDAP/LDAPS in ACM UI with error "AD username does not match with any of AD user attributes userPrincipalName or sAMAccountName or distinguishedName." ...


Symptoms

Symptom: LDAP validation reports the following error:
"AD username <Query username> doesnt match with any of AD user attributes userPrincipalName or sAMAccountName or distinguishedName. Please set user name to either of userPrincipalName or sAMAccountName or distinguishedName."


Cause

The Query username (email ID) does not match the User Principal Name (UPN) of the account in Active Directory. This typically happens when the AD environment has one or more alternative UPN suffixes configured.

Resolution

  • Find the query user's User Principal Name by running the following PowerShell commands on a domain controller (DC):
PS > Get-ADUser ldap_mc
DistinguishedName : CN=ldap_mc,CN=Users,DC=sample,DC=local
Enabled           : True
GivenName         : ldap_mc
Name              : ldap_mc
ObjectClass       : user
ObjectGUID        : 3bfeb0fb-e847-4ce9-bc90-063a4aacb698
SamAccountName    : ldap_mc
SID               : S-1-5-21-1662742796-4059566609-1305176975-1632
Surname           :
UserPrincipalName : ldap_mc@sample.com


PS > Get-ADDomain
AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=sample,DC=local
DeletedObjectsContainer            : CN=Deleted Objects,DC=sample,DC=local
DistinguishedName                  : DC=sample,DC=local
DNSRoot                            : sample.local
DomainControllersContainer         : OU=Domain Controllers,DC=sample,DC=local
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-1662742796-4059566609-1305176975
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=sample,DC=local
Forest                             : sample.local
InfrastructureMaster               : dc1.sample.local
LastLogonReplicationInterval       :
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sample,DC=local}
LostAndFoundContainer              : CN=LostAndFound,DC=sample,DC=local
ManagedBy                          :
Name                               : sample
NetBIOSName                        : SAMPLE
ObjectClass                        : domainDNS
ObjectGUID                         : d28bd32a-5e44-4332-b861-a65adb43f5b1
ParentDomain                       :
PDCEmulator                        : dc1.sample.local
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=sample,DC=local
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {dc1.sample.local}
RIDMaster                          : dc1.sample.local
SubordinateReferences              : {DC=ForestDnsZones,DC=sample,DC=local, DC=DomainDnsZones,DC=sample,DC=local,
                                     CN=Configuration,DC=sample,DC=local}
SystemsContainer                   : CN=System,DC=sample,DC=local
UsersContainer                     : CN=Users,DC=sample,DC=local
  • The output above shows that the UserPrincipalName for the ldap_mc account is ldap_mc@sample.com, whose suffix is not the same as the AD domain name sample.local (its Distinguished Name). When configuring LDAP/LDAPS on IDPA, always use the User Principal Name as the Query username; in this example: ldap_mc@sample.com
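
The check described above can be run before entering a value in ACM. This is an added example, not Dell's code or the ACM validation logic itself; the function name Test-QueryUsername and its output fields are hypothetical, and it assumes the ActiveDirectory (RSAT) module is available on the machine where it runs.

```powershell
# Added example (not Dell's code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Escape LDAP filter metacharacters (RFC 4515); the backslash must be replaced first.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Test-QueryUsername {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$QueryUsername)

    # Exact match against the three attributes named in the ACM error message.
    $e    = ConvertTo-LdapFilterValue $QueryUsername
    $user = Get-ADUser -LDAPFilter "(|(userPrincipalName=$e)(sAMAccountName=$e)(distinguishedName=$e))" |
            Select-Object -First 1

    if ($user) {
        $attr = if     ($user.UserPrincipalName -eq $QueryUsername) { 'userPrincipalName' }
                elseif ($user.SamAccountName    -eq $QueryUsername) { 'sAMAccountName' }
                else                                                { 'distinguishedName' }
        return [pscustomobject]@{
            Matches          = $true
            MatchedAttribute = $attr
            UseInstead       = $QueryUsername
        }
    }

    # No exact match: find the account by the part before '@' and report its
    # real UPN, plus the domain name and any alternative UPN suffixes in the forest.
    $local     = ConvertTo-LdapFilterValue (($QueryUsername -split '@')[0])
    $candidate = Get-ADUser -LDAPFilter "(sAMAccountName=$local)" | Select-Object -First 1

    [pscustomobject]@{
        Matches                = $false
        MatchedAttribute       = $null
        UseInstead             = $candidate.UserPrincipalName   # empty if no such account
        DomainDnsRoot          = (Get-ADDomain).DNSRoot
        AlternativeUpnSuffixes = @((Get-ADForest).UPNSuffixes)
    }
}

# Usage with the account from this article:
# Test-QueryUsername -QueryUsername 'ldap_mc@sample.local'
```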

Affected Products

PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software

Article Properties
Article Number: 000189353
Article Type: Solution
Last Modified: 06 Sep 2022
Version:  2