


Users in AD listed as disabled in Identity.Identity table

We have users who are being flagged as disabled in the Identity.Identity table. We've looked into their AD accounts; they're not disabled in AD, and their accounts look identical to other users'. This is preventing them from accessing workflows and receiving task notifications. Refreshing the AD cache results in the users still resolving with the Enabled field being false.

This is across all environments (DEV, TEST, PROD) for 1 user, and in only DEV and TEST for another user.



Running the Identity Refresh Tool gave us a better look into what was going on at the time of asking for the user in AD.


There was an issue logged in the ADUM log trying to parse the user in the name@something group in AD. There is a TFS item in place for this known behavior. The workaround is to rename the group and remove the @ symbol. That was done and everything started to work again.
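
One way to find the groups to check for an affected user, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that looking at the group's Name and sAMAccountName is enough (the post does not say which attribute the parser reads); `$SamAccountName` is a placeholder parameter.

```powershell
# Added example: read-only check, nothing in AD is modified.
# Lists the groups an affected user belongs to whose name contains '@',
# the character the post identifies as breaking the ADUM parse.
param(
    [Parameter(Mandatory)]
    [string]$SamAccountName   # placeholder: logon name of the affected user
)

Import-Module ActiveDirectory

# What AD itself reports for the account, to compare with the
# Enabled value stored in the Identity.Identity table.
$user = Get-ADUser -Identity $SamAccountName
'{0}: Enabled in AD = {1}' -f $user.SamAccountName, $user.Enabled

# Groups the user is a member of, as returned by AD for this principal.
$groups = Get-ADPrincipalGroupMembership -Identity $user

# Assumption: checking Name and sAMAccountName covers the attribute
# that fails to parse.
$suspect = $groups | Where-Object {
    $_.Name -like '*@*' -or $_.SamAccountName -like '*@*'
}

if ($suspect) {
    'Groups containing "@" (candidates for the rename workaround):'
    $suspect |
        Sort-Object Name |
        Select-Object Name, SamAccountName, GroupScope, DistinguishedName |
        Format-Table -AutoSize
}
else {
    'No group with "@" in its name found for this user.'
}
```

Running it for an affected user and for a working user in the same environment shows whether a group with `@` in its name is the difference between them.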

