Support

Why do I get an error when I try to enumerate Active Directory (AD) users through the User Manager's AD page, or why does AD authentication take so long?

Grant -

If you are certain the domain name is correct then one problem might be a connection problem with certain Active Directory services. These can be a result of DNS problems on the server running Cerberus FTP Server, or internal firewall problems reaching certain AD services on the Domain Server.  The Microsoft APIs use several different protocols to query AD, and if those protocols are not properly traversing internal firewalls and can't communicate with the Domain Server, then enumeration can fail. The SMB protocol can sometimes be the problem. Try checking that you can reach port 445 on the Domain Server from the machine running Cerberus FTP Server.

Other symptoms of communication problems with the Domain Server are long delays while trying to authenticate a domain user. Ensuring the appropriate ports are open for communication with the Domain Server, and that DNS is correctly configured for the domain, can make a dramatic speed improvement in the time it takes to authenticate a user via Active Directory (from 30 seconds or longer to less than a second).

Have more questions? Submit a request

Comments