Portal can't find uses Email Address and Full Name from AD

1828
5
05-11-2018 07:38 AM
DavePowers
New Contributor

We set Portal for ArcGIS to use Integrated Windows Authentication but we can not add users because the Identity Store does not find the users Email Address and Full Name, which is included in the AD record.  When I query information on a user  it just shows the User ID and what is typed in the description field but the Email and Full Name information is blank.

Tags (3)
0 Kudos
5 Replies
ThomasColson
MVP Frequent Contributor

I'm shooting from the hip here, but can you Right Click -> Run as different User -> Service Account that is running Portal credentials on Active Directory Users and Computers, open up a user, and see all of the account attributes? More hip shooting, do the same with Powershell (running it as the service account credentials)? 

0 Kudos
MichaelMiller2
Regular Contributor

Another shot, has the password changed of the account that was used to setup the Identity Store in Portal? We ran into this problem and choose to use a service account rather than a user account.

0 Kudos
DavePowers
New Contributor

Sorry for the delay, I was in a meeting.

It was a service account that I tried first which had the password set to never expire, then I tried an AD account that I knew had elevated abilities in AD with the same results.  With both users the Portal Identity Store is able to pull the User ID and the Description but does not bring back the email address or Full Name.  Since the Identify Store uses the email address to help the user restore their password it will not let you add the user without it.

0 Kudos
JeffSmith
Esri Contributor

I wonder if the attributes used for your email address and full name in Active Directory are different.  If you copy and paste the example from the help doc, the "userFullnameAttribute" is set to "cn" and the "userEmailAttribute" is set to "mail".  If these are different in your environment, that could explain why they are coming back blank.  An easy utility to use to check this is the SysInternals ADExplorer.  Just query for your username and it will returns all of the attributes.

DavePowers
New Contributor

Jeff,

Thanks for the information, I will look into it this morning and let you know what I find.

Dave Powers GISP

IT Services Manager – GIS Division

Shasta County Information Technology

Redding, CA 96001

(530) 225-5257

dpowers@co.shasta.ca.us<mailto:dpowers@co.shasta.ca.us>

0 Kudos