04-28-2023 09:21 AM - last edited on 04-02-2024 10:21 AM by Mercedes_O
Hi,
I have several domains in my organization and for each domain, I have an error for scanning users. Lsw scans my RODC servers.
I have for all my domains "Preferred Domain Controllers" and my "Domain Ldaps Config" on the green status
I can't find it. The Rodc are not announced at the level dns or other ... If anyone can give me answers, assistance.
tks,
Solved! Go to Solution.
05-02-2023 11:49 AM
Hello there!
In and of itself, the LDAP error you're receiving doesn't necessarily indicate that AD data cannot be scanned. It does indicate that AD data could not be scanned by connecting to certain DCs. You can configure preferred domain controllers under Scanning\Scanning Targets but do be aware that these are only used for scanning.
For other LDAP connections, such as for performing clean-up, they're not used. Instead, the domain controllers in the domain are enumerated, and the scanning service will attempt to set up LDAP connections to domain controllers until one is successful.
In addition, certain parts of Active Directory scanning necessitate connecting to all available domain controllers, as they query the LastLogon attribute, which does not replicate across domain controllers:
While the error in and of itself isn't necessarily indicative of an issue, you can cut down on it by doing the following:
Again, this may not be necessary, and you may be able to ignore these errors. If you see no discrepancies in retrieved AD data, i.e., all AD attribute data is pulled in, you can ignore these errors.
05-02-2023 11:49 AM
Hello there!
In and of itself, the LDAP error you're receiving doesn't necessarily indicate that AD data cannot be scanned. It does indicate that AD data could not be scanned by connecting to certain DCs. You can configure preferred domain controllers under Scanning\Scanning Targets but do be aware that these are only used for scanning.
For other LDAP connections, such as for performing clean-up, they're not used. Instead, the domain controllers in the domain are enumerated, and the scanning service will attempt to set up LDAP connections to domain controllers until one is successful.
In addition, certain parts of Active Directory scanning necessitate connecting to all available domain controllers, as they query the LastLogon attribute, which does not replicate across domain controllers:
While the error in and of itself isn't necessarily indicative of an issue, you can cut down on it by doing the following:
Again, this may not be necessary, and you may be able to ignore these errors. If you see no discrepancies in retrieved AD data, i.e., all AD attribute data is pulled in, you can ignore these errors.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now