AD Sync Troubleshooting Questions

We often receive support tickets regarding the AD synchronization within Intranet Connections. This is where you can synchronize AD accounts with employee logins on the intranet. When enabled, you sync new users from AD that get created within the intranet, and update existing users that are part of the AD sync. For example, if Sally Struthers is part of the AD sync and her last name (in AD) is changed to Smith, when the sync runs, the intranet will automatically update Sally from Struthers to Smith on the intranet.

Occasionally we receive support tickets relating to missing users not coming over or being updated with this syncing process.

Here are frequently used questions we need to identify in order to help troubleshoot. If you are experiencing AD sync issues, please send a ticket into our support team (by emailing and answer these questions:


1) Can you confirm if the problem is isolated to syncing newly created AD accounts, or if it is with updating existing accounts?

2) Can you enter into the intranet admin site, click on the security tab, then "AD Login Synchronization" and perform a force re-sync. Do you receive an error or warning?

3) Send us a screen snap of your full AD sync settings here (including any errors if present) and provide us a copy of the SQBox.log file (located on your intranet server). If you are on Railo you will find this log file under ..\WEB-INF\railo\logs and for ColdFusion ..\ColdFusion[version]\cfusion\logs

4) Often a missing employee that should be syncing is due to their account somehow becoming disabled (you can re-enable the account). To check this, enter into your admin site, security tab, search disabled users

5) The username is the key attribute for the AD sync, meaning that the username in AD *must* match the username in your intranet. If an employee is not updating with the sync, verify the usernames match and the account being used has domain admin rights. Under the security tab, "AD Login Synchronization" click "advanced options". Do you have a start or filter field value defined? If you do, ensure the users not being synced meet the criteria in these fields

6) Based on the filters and other AD sync settings that you have defined, confirm that you are syncing less than 1,000 users and groups from AD (there is a cap at 1,000) - this applies to earlier versions of 12.0 and 12.5 of our software.

7) Are you encountering a timeout error?

a) For version 13.0, please click here for instructions on how to increase this setting.

b) For ColdFusion, please click here.

c) For Railo on IC versions older than 13.0, please click here.

Have more questions? Submit a request


Article is closed for comments.