Error while setting up automation with external data source in ADManager Plus: Users fetched from data source are not in delegated OUs of technician/The attribute list provided in configuration is insufficient.


Issue description  

When configuring automation in ADManager Plus, users may encounter the following error:
"Users fetched from data source are not in delegated OUs of technician / The attribute list provided in configuration is insufficient."

This error prevents successful mapping of fetched user data to Active Directory (AD) objects.

Possible causes  

  1. The attribute configured for the search criteria in automation does not match any user object in AD.

  2. The primary key configured for the endpoint does not uniquely identify an AD user.

  3. The technician who created the automation does not have access to the fetched users in AD.

  4. The attribute list in the configuration is incomplete, preventing proper user identification.

Prerequisites  

  • Ensure that the integration with the external application is configured correctly in ADManager Plus.

  • Verify that the external application provides a unique user identifier (e.g., Employee ID, Email, UPN, or samAccountName).

  • Confirm that the technician has the necessary delegated permissions in the OU.

Resolution

Step 1: Check data source report in ADManager Plus   

  1. Log in to ADManager Plus.
  2. Navigate to the Automation tab and edit the automation in question.
  3. Click the icon located next to the Run Now button for the automation, then select Datasource Report.

 

  4. Look for any users displaying the status Unable to map to an AD object. This indicates that the unique identifier of the fetched user does not correspond to any existing Active Directory user.

 Step 2: Verify the search criteria in automation   

  1. In Automation, check the configured search criteria.

  2. Ensure it correctly maps to an existing AD attribute.

Example: If Employee ID is the primary key, the search criteria should be set to Employee ID in AD.

  3. Modify the search criteria if necessary and re-run the data fetch operation.

 Step 3: Check if the unique value exists in AD   

  1. Open Active Directory Users & Computers (ADUC).

  2. Search for the user using the unique value retrieved from the external application.

  3. If no matching user is found, this means the user does not exist in AD.

    • In this case, the user record in the external application must be updated, or the AD entry must be created.

 Step 4: Adjust LDAP attribute mapping in ADManager Plus   

  1. Navigate to Directory/Application Settings > Application Integrations.

  2. Edit the application integration in use.

  3. Check the attribute mapping between the external application and AD.

  4. Ensure the mapped attributes align with actual AD attributes.

  5. Modify the mapping if needed and save the changes.

 Step 5: Verify delegated permissions to the OUs for the technician   

  1. Go to Delegation > Help desk Technicians.
  2. Select the technician account and review the delegated OUs.

  3. Ensure the technician has access to the required OUs where users exist in AD.

  4. Modify permissions if necessary.
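
The checks in Steps 3 and 5 can be run for every fetched identifier at once instead of one user at a time in ADUC. The PowerShell below is an added example, not part of ADManager Plus or its documentation; the function name Test-SourceMapping, the employeeID key, the example.com OUs and all sample records are assumptions constructed for illustration.

```powershell
# Added example. Sample data is constructed; names, OUs and the key attribute are assumptions.
function Test-SourceMapping {
    param(
        [string[]]$SourceIds,     # unique values fetched from the external application
        [object[]]$AdUsers,       # AD users: key attribute plus DistinguishedName
        [string[]]$DelegatedOUs,  # distinguished names of the technician's delegated OUs
        [string]$KeyAttribute = 'employeeID'
    )
    foreach ($id in $SourceIds) {
        # -eq on strings is case-insensitive in PowerShell
        $found = @($AdUsers | Where-Object { "$($_.$KeyAttribute)" -eq $id })
        $status = if ($found.Count -eq 0) {
            'NoMatchInAD'            # cause 1: value matches no AD user
        } elseif ($found.Count -gt 1) {
            'KeyNotUnique'           # cause 2: value matches more than one AD user
        } else {
            $dn = $found[0].DistinguishedName
            # Assumption: delegation covers the OU and its child OUs, so a user
            # is in scope when its DN ends with ",<delegated OU DN>".
            $inScope = @($DelegatedOUs | Where-Object {
                $dn.EndsWith(",$_", [System.StringComparison]::OrdinalIgnoreCase)
            }).Count -gt 0
            if ($inScope) { 'Mappable' } else { 'OutsideDelegatedOUs' }  # cause 3
        }
        [pscustomobject]@{ SourceId = $id; Matches = $found.Count; Status = $status }
    }
}

# Constructed records standing in for the output of:
#   Get-ADUser -Filter * -Properties employeeID | Select-Object employeeID, DistinguishedName
$adUsers = @(
    [pscustomobject]@{ employeeID = '1001'; DistinguishedName = 'CN=Ana Ruiz,OU=Sales,DC=example,DC=com' }
    [pscustomobject]@{ employeeID = '1002'; DistinguishedName = 'CN=Ben Ito,OU=Finance,DC=example,DC=com' }
    [pscustomobject]@{ employeeID = '1003'; DistinguishedName = 'CN=Cy Lee,OU=Sales,DC=example,DC=com' }
    [pscustomobject]@{ employeeID = '1003'; DistinguishedName = 'CN=Cy Lee2,OU=Temp,OU=Sales,DC=example,DC=com' }
)

Test-SourceMapping -SourceIds '1001', '1002', '1003', '1004' -AdUsers $adUsers `
    -DelegatedOUs 'OU=Sales,DC=example,DC=com' | Format-Table -AutoSize
```

Against a live domain, replace `$adUsers` with the `Get-ADUser` output named in the comment (this needs the ActiveDirectory module) and pass the OUs listed for the technician under Delegation > Help desk Technicians.
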

 Step 6: Re-run the data fetch operation   

  1. After making the necessary changes, refresh the data sync in Automation.

  2. Verify if users are now mapped correctly to AD objects.

Tips   

  • Always verify the primary key used for mapping in the external application and ensure it exists in AD.

  • Ensure technicians have the correct delegated access to the OU(s) to view and manage users.

  • If users are still not being mapped, consider checking attribute sync logs for any errors.

How to reach support   

If the issue persists, contact our support team here
