Adaxes

Can't create new Users

0 votes

Hi,

I can't create new users any more.
The users get created in the Active Directory, but the User Creation of Adaxes never finishes (the popup with "Creating new user" never finishes, I have to kill the process of the administration console). My Business Rules that should trigger when a new user is created are also not triggered. I can modify and delete existing users without a problem.
Creating users directly with AD Management Tools also works without a problem.
When users are trying to change their passwords via the webinterface, they have the same issue (the "changing password" popup never finishes).
I installed Adaxes on a seperate server with no configuration at all, but I have the same problems there.
I can't find any related errors in the event log.

Can anyone help?

by (20 points)

1 Answer

0 votes
by (216k points)

Hello,

If the issue persists even on a separate server with the default configuration of Adaxes, most probably, it is related to your environment. To troubleshoot the issue, you should check Event Log for related errors on the Domain Controller (DC) Adaxes is connected to. To find out which DC Adaxes is using for a domain, you can create a Custom Command as follows and execute it on any user from the domain you need. The DC will be displayed in the ​Execution Log after the command completes.
To create the Custom Command:

  1. Launch Adaxes Administration Console.

  2. In the Console Tree, right-click your service.

  3. In the context menu, navigate to New and click Custom Command.

  4. On step 2 of the Create Custom Command wizard, select User object type and click Next.

  5. Click Add an action.

  6. Select Run a program or PowerShell script and paste the following script into the Script field:

     $domainName = $Context.GetObjectDomain("%distinguishedName%")
 $rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
 $domainControllerFQDN = $rootDSE.Get("dnsHostName")

 $Context.LogMessage("Domain Controller: $domainControllerFQDN", "Information")

  7. Enter a short description and click OK.

  8. Click Next and finish creating the Custom Command.

If you have multiple DCs, you can try to configure Adaxes to use another DC. For details, see: https://www.adaxes.com/help/?HowDoI.Man ... omain.html.

0

Hi,

the problem is with reseting the password. I can create a user if I don't specify a password. When I try to reset the password, it never finishes.

I changed the DC Adaxes connects to, but I still the same behaviuor.

I searched the EventLog of my DC's already, but I can't find anything.
The strange thing is that I can reset passwords successfully with AD Management Tools, only Adaxes has problems.
I think the behaviour of Adaxes is also strange, it doesn't log anything in the EventLog on the server or in the ServiceLog by Adaxes. It just tries to reset the password but never finishes (we let it run for hours, but no timeout or error).

by (20 points)
moved by
0

Hello,

the problem is with reseting the password. I can create a user if I don't specify a password. When I try to reset the password, it never finishes.

Resetting a password is a security sensitive operation which can invoke a prompt for additional authentication (e.g. PIN for a Smart Card). Adaxes does not expect an input request for such operations and in such cases waits for a response from DC endlessly.
The prompt can appear because of software related to Smart Cards. So, you should check if such software is installed on the computer where Adaxes service is running.

I think the behaviour of Adaxes is also strange, it doesn't log anything in the EventLog on the server or in the ServiceLog by Adaxes. It just tries to reset the password but never finishes (we let it run for hours, but no timeout or error).

The log records are not created because the operation is not complete.

by (216k points)
moved by

Related questions

0 votes
1 answer
Is there a way to create new users, modify existing users or terminate users based on a scheduled CSV file received?

We are working with an HR package that will send us a CSV file every 4 hours with a list of users that need to be created, modified or deleted from our environment. The CSV ... change, etc.) Is there a script that can manage all of that on a scheduled basis?

asked Sep 2, 2020 by RayBilyk (230 points)
0 votes
1 answer
2021.1 Upgrade - Can't Add New Server to Shared Configuration

We are attempting to update from 2021.1 version 3.14.20916.0 to the most current version - 3.14.21404.0. We have two servers in a multiserver configuration once ... Adaxes Service reverts to the previous server that no longer exists and displays the error.

asked Sep 1, 2023 by awooten (60 points)
0 votes
1 answer
Can't add on-prem users to Azure AD group

We have a Hybrid enviroment where our On-Prem AD is leading. We also have cloud only groups. Now I need to give key users rights to manage the memebership of the cloud ... cannot select the On-Prem domain. The option is greyed out. Am I missing something?

asked Jan 30 by a.blonk (170 points)
0 votes
1 answer
How can I lock down the self service portal? Users can't edit AD attributes.

I am basically setting up the self service portal to only allow a user to reset thier own passwords.

asked Oct 19, 2022 by mightycabal (1.0k points)
0 votes
1 answer
Can't authenticate with servers if the user is in the built-in group "Protected Users"

We can authenticate if we login to the machine hosting the service but if I have the client installed on my desktop, I can't authenticate with any ... .com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group

asked Sep 12, 2022 by mark.it.admin (2.3k points)
3,347 questions
3,048 answers
7,787 comments
545,035 users