Troubleshooting AD/Entra ID synchronisation

Check the following troubleshooting guide if having problems with AD/Entra ID synchronisation

The first step in troubleshooting issues with the Active Directory Manager is to check the Active Directory event log. This will reveal a lot of information about the activity of the service, as well as any errors or other behaviour that may be causing issues.

General things to check first

  1. Is the Active Directory service started and running? Synchronizations only occur when the service is running.
  2. Are all of the Active Directory Profiles enabled?

Clients in HelpMaster are not being created

Check the following

  1. Check that the profile is enabled
  2. Check that the profile you expect to work has the “Create client” checkbox checked.
  3. The client has enough information to validate (eg, requires either a first or last name, staff member also requires a skill group, etc)
  4. The client(s) in question are enabled for Active Directory synchronization

Clients in HelpMaster are not being updated

Check the following

  1. Check that the profile is enabled
  2. Check that the profile you expect to work has the “Update client” checkbox checked.
  3. The client has enough information to validate (eg, requires either a first or last name, staff member also requires a skill group, etc)
  4. The client(s) in question are enabled for Active Directory synchronization

Clients in HelpMaster are not being deleted

Check the following

  1. Check that the profile is enabled
  2. Check that the profile you expect to work has the “Delete client” checkbox checked.
  3. The client(s) in question are enabled for Active Directory synchronization
  4. In order to query deleted Active Directory users (Tombstone objects), a high-level user account with domain administrative privileges is required. Check that the account used to run the HelpMaster Active Directory service has sufficient network permissions.

The wrong clients have been associated with the wrong Active Directory Account

Check the following

  1. Disassociate the affected client(s)
  2. Select a more appropriate client matching pattern in the profile
  3. Run the Active Directory service again
  4. Check the results

Duplicate clients are being created in HelpMaster

Check the following:

  • Do you have more than one profile that has the “Create” option turned on? Multiple “Create” profiles that have different client matching patterns may create duplicates.
  • Is the client matching pattern correct?
  • Have you recently clicked the “Disassociate All” button and then run the profiles again and changed the client matching pattern?
  • How many duplicates are being created? Only a few, or every client?
  • If only a few, check whether the original client is enabled for Active Directory synchronization. If they are not enabled, and they do not have any previous synchronization data, then this will cause a duplicate to be created.