0 votes

I have a weird issue that I am unable to figure out or replicate to any other user. I have one user who is unable to see his managed objects when he goes to "My Managed Objects". He is able to search for and view the groups he manages, but they just don't show up when he clicks "My Managed Objects". When the group is viewed in Adaxes, I see his account in the Managed By field and can click on it to view his properties. I have created a new user account and made it a manager of a group in that domain. I have logged in as the user and was able to see the group when I clicked "My Managed Objects". I was able to do this again with another account in the domain. Is there any reason why this user is not seeing his Managed Objects?

-Nothing is assigned in Blind User role.

Thanks

by (1.2k points)
0

Hello,

What version of Adaxes are you using? If you are using Adaxes 2012.1 (build 3.3.8815.0) and earlier, then most probably the issue is that the user does not have sufficient permissions to view the Managed Objects property of his own account. To check this:

  1. Logon to your Adaxes Service with the Administration Console using the credentials of the user who is experiencing the issue. For details, see Change Account Used to Log On to Service.
  2. Select his user account in the Console Tree.
  3. Check whether you can read the Managed Objects property of the account.
0

Was able to finally get in the same room with him to do this. With him logged into the Admin Console, he sees the entire list of Managed Objects when he clicks on his user object. I see the same think when logged on as an Admin.

1 Answer

0 votes
by (215k points)

Hello,

The other possible reason for such behavior is that the user does not have sufficient permissions to read the directory objects that he manages. To check this, you need to view the Security Roles assigned to the user and check whether the Security Roles grant him sufficient permissions to read the objects that he manages. For details on how to see Security Roles assigned to a user, see Viewing Security Roles assigned to Users or Groups.

0

I have a hard time with this being a rights issue. He is able to search or find the groups that he manages and then manage them. I have set one of these groups to be managed by a brand new user I created and it worked fine. The only thing that is not working is that he is not getting a list of his managed by objects when he clicks on My Managed Objects. Otherwise it works fine.

His account falls under the two builtin roles of Domain User and User Self-Service. Both these roles have not been changed from the installed defaults.
I have created another role named Object Managers and added Owner (Managed By) access to the OU locations of both the users and the groups with the Read 'Member' Property - Group, Write 'Member' Property - Group, Read All Properties - User & Group.

0

Hello,

If the user is assigned to the Domain User and User Self-Service Security Roles and not assigned to other roles that deny him the Read permission for the objects that he manages, this should be enough to view his managed objects in My Managed Objects. Please make sure that this user is not assigned to any security roles that deny him the necessary permissions.

0

We are still having issues with this one user. Again, he is able to manage the groups, he is just not being presented a list of those groups when he hit My Managed Objects in Adaxes. If he searches for the group, he is able to open the group and add\remove users.

-It is user specific and we can replicate it with his account on multiple computers and different browsers
- He is still able to manage the groups, but is unable to get a list when he clicks the My Managed Objects
- We copied his AD object and created another user with his same groups. Set that new user up to manage a group and that new user was able to find that group in the My Managed Objects
- I have given a number of users and test users in that domain the ability to Manage Groups in the same domain and they are all able to see those group in My Managed Objects
- He is not in any of the Roles in Adaxes outside of those for Self Service, Domain users, and the one created for Managed Objects
- He is not in any groups that are specified in any Roles in Adaxes
- I have reset the security on his AD object
- We had him log into the Admin Console as requested above and he can see the Managed Objects in his AD object
- When we click on his name in the Managed By field of one of those groups, it opens his object without err

I have tried and checked everything I can think of.

Thanks

0

Hello,

What version of Adaxes are you running? I'll ask our team to try and reproduce this issue in our environment.

0

The version I am running is 3.3.8906.0.

This might be difficult to reproduce. Is there any kind of debugging that I can provide to help with this?

0

We found it!!
One of the groups he was managing had special characters in it. We removed him as the manager and everything showed up in My Managed Objects.
BLAH BLAH - Operational Finance / Systems

0

Hello,

This is our bug, thank you for the bugreport! We'll fix it in our next version.

Related questions

0 votes
1 answer

Hi- Is it by design when viewing managed objects via Self Service, it list the user by display name? Can that view be change to include maybe full name? Thanks!

asked Nov 12, 2013 by MeliOnTheJob (1.7k points)
0 votes
1 answer

New to Adaxes and I'm working on creating Business Units. However, I noticed that when I create a new BU and select all objects in an OU for users, not ... Domain Admin. Any help with understanding why this is occurring would be greatly appreciated. Thanks!

asked Sep 18, 2014 by GeorgeM (100 points)
0 votes
1 answer

Actually it's a test account that's showing this issue. I logon as a test account that has recently been created so has not reports in AD. When I logon as that user ... members who are not managed by that account. Any ideas where I should look for a solution?

asked Mar 10, 2016 by bistromath (840 points)
0 votes
1 answer

I've enabled the "Account Expiration Notifier" builtin scheduled tasks. Currently, I'm testing it so I have "If account will expire in less than 300 days", it will send an ... SMTP settings are correct, seeing as I get the test send. What's going on here?

asked Jan 4, 2021 by keecit (40 points)
0 votes
0 answers

When I run the above script after selecting groups the custom field "Group" is not showing one of the selected groups and not all of the groups are being reported ... 2 specific security groups are appearing and neither in one that was included in the search

asked Nov 18, 2021 by A_Pastor (20 points)
2,807 questions
2,541 answers
6,613 comments
64,574 users