cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sbrammer1
Engaged Sweeper II

I have been working with Support on this issue for the last two months, and the last time I have heard from them was on 7/22, so I am trying to see if anybody here in the Forums can also assist because we really need this to work again. The last information I sent to Support (besides asking for updates) was log files from using the testconnection.exe as Support was saying the service account could not reach our DC's with Kerberos. 

Here's the short story: the ADUser table is no longer repopulating after support had me delete all of the users from the table. Currently, lansweeper is only seeing 49 users, where it should be a few thousand users. It was working just fine until a recent security change forced us to have the service account that was used to scan no longer have domain admin rights. We have verified the scanning targets are set up properly and have mapped to the right credential. 

I know it's set up right as it's scanning 49 users but can't figure out why it won't get the rest. Any more suggestions\guidance would be great.

1 ACCEPTED SOLUTION
sbrammer1
Engaged Sweeper II

Here's the response I received back from LS email support this morning, and once I did their suggestion, and re-scan our User Base, the Local AD user scan started to work again and it picked up the rest of our users. Thanks to both LS Email Support and the Forum Admins for assisting with this issue.

We could see in the Errorlog.txt that connecting to your AD domain and retrieving users and groups is not the problem. So the configuration is correct. However, we did come across an error that is usually thrown when the user that is performing the AD Scan (the Lansweeper Service Account) does not have sufficient access rights on the entire AD domain. 
Assigning permissions to AD users is done in Active Directory Users & Computers:

  • right-click your domain, choose Delegate Control..., Next
  • choose: Add and search for the AD user you use in Lansweeper(the Lansweeper Service Account), Next
  • Delegate the following common tasks: choose Read all user information (see: screenshot) and Read all inetOrgPerson information, Next
  • choose Finish

Please re-assign these permissions and Rescan the AD User/Group Path Scanning Target.

View solution in original post

11 REPLIES 11
sbrammer1
Engaged Sweeper II

We add new accounts daily as we are a community college, and those new accounts are not showing up. Those 49 accounts are mostly IT users, few service accounts (but not all), couple staff, and two retirees. 

I took a look at a few of those accounts, and all of them have AdminCount attributes set to 1 in their AD account properties. The rest of the accounts (from what i can tell that aren't syncing to LS don't have that attribute set)

sbrammer1
Engaged Sweeper II

In addition, we started to use the LS agent for scanning the computers.