I am currently trying to setup AD sync to Endpoint by using search groups, and I'm running into a problem where the connector parses the AD security group but then states that the members within the group aren't users.
It then fails saying abadoning search due to error error during synch (0x5c000016) - "no connection has been established"
it then closes. under Search groups I have the distinguished name set like below...
thanks for the reply. I have verified that my connection settings are correct through the ldap browser and all users have the correct "memberof" status for this group.
I can authenticate via ldap browser as well as through the connection manager when I use search settings. I can't use search settings though because the way our AD is configured, all the users are in the same OU. I need to be able to put endpoint users into their own group and pull them from there.
Thanks again for your help. I ended up getting it to work by adding (objectClass=organizationalPerson) under the object filter in search settings. I was under the assumption that if you use one tab you don't use the other.
You could also use an LDAP filter to limit your imported users. If your AD guys actually know how it works without the GUI tools to help them, they could create an additional attribute, like sbuser=yes. You could then configure SB server to apply the filter (&(objectclass=organizationalPerson)(sbuser=yes)).
I'm able to reproduce your error in my lab and my bet is that you have the Distinguished Name string incorrect on the Search Groups tab...in other words, make sure your CN's are actually CN's, your OU's, OU's etc.
Use the Softerra LDAP Browser included in the Tools.zip download to find that specific group, go to the properties and copy the string.