Step 5: Checking your search results

Click Next to test your search settings.

If you have changed any of the default attributes used for the LDAP search, you can use the test window to confirm that you have correctly retrieved the attribute you were expecting. To view full details of groups and users on this window, check the Show detail box. (This option is not available for Mail configurations.)

You can reorder columns in the table by clicking and dragging the top of the column.

For groups, each line includes:
  • The result from the name template after it has been changed using any template rules.
  • The GUID. If there is no group GUID attribute, this is derived from the DN.
  • The Group Token, retrieved using the Group Token attribute.
  • The DN automatically retrieved by the Directory Synchronization Client.
  • The number of parents that this group belongs to (normally 0 or 1) and the DN of the first of these groups. This is retrieved using the Group Parents attribute.
  • The number of users in this group and the DN of the first of these users. This is retrieved using the Group Members attribute.
For users, each line includes:
  • The result from the name template after it has been changed using any template rules.
  • The GUID. If there is no user GUID attribute, this is derived from the DN.
  • The email address retrieved using the Primary Mail attribute.
  • The Primary Group retrieved using the Primary Group attribute.
  • Groups that the user belongs to.
  • The DN automatically retrieved by the Directory Synchronization Client.

For both groups and users, if the name, the GUID, or the DN is blank, you should correct the attribute names before starting a synchronization.

If you see no results in this window, check that:

  • The source type on the Configure data source window is correct. For information on configuring multiple data sources and advanced details, see Step 2: Selecting your data source.
  • The Search scope field on the LDAP search configuration window is set to Sub-tree. This returns the most results.
  • The Search base field on the LDAP search configuration window is set to a suitable level in your LDAP server’s hierarchy to find the mail addresses or groups and users that you want.
  • The location specified in the Search base field exists in the LDAP server directory. If in doubt, return to the top of the LDAP server tree and then navigate to the location you want.
  • You haven’t changed the Search filter field. Click Defaults to reset this field setting.
  • Your authentication settings are sufficient to return details from the LDAP server. If you selected anonymous from the Authentication drop-down list and no results are returned, try selecting simple and entering a username and password.

For users and groups, the search results display the names constructed from the Name template field. Check that these are representative names. For example, for users in a Microsoft environment, the names should represent the “domain\username” identity of individual users.

Click Next to continue. See Step 6: Selecting groups for synchronization.