14
Vote

Unable to find active directory groups for user

description

I am unable to use Sushi to report AD groups for a user. The following error is generated.
 
Looking up Active Directory groups for user... Unable to find active directory groups for user: A referral was returned from the server.
 
0 Active Directory groups found.
 
I appreciate your efforts in resolving this issue.

comments

jsidwell wrote Nov 11, 2008 at 1:58 PM

I have the same issue logged in as domain admin :(

wrote Dec 29, 2008 at 3:17 PM

wrote Jan 28, 2009 at 9:25 PM

wrote Mar 24, 2009 at 2:29 PM

fotw2 wrote Mar 24, 2009 at 2:31 PM

Can only echo what has been commented on before: same issue logged on as domain admin (with local admin and farm admin permissions too).

Great tool - when this gets resolved I will love it even more ;-)

wrote Jul 19, 2010 at 2:37 PM

RyannosaurusRex wrote Jul 19, 2010 at 2:40 PM

Do you still get this error when attempting to get group memberships when you are the administrator on the local machine and SharePoint administrator?

wrote Aug 19, 2010 at 7:55 PM

claudermilk wrote Aug 19, 2010 at 7:56 PM

This appears to still be an issue. I am running into this problem. Logged in as a domain admin account--the same one we use to perform AD maintenance so it has permission.

wrote Feb 2, 2011 at 6:19 PM

wrote Sep 6, 2011 at 8:39 PM

ljd144 wrote Sep 6, 2011 at 8:41 PM

Sushi is a great tool, but I'm encountering this issue as well. Was a resolution ever found? Thanks!

wrote Feb 21, 2013 at 11:14 PM

wrote Feb 27, 2014 at 9:40 AM

svandragt wrote Feb 27, 2014 at 9:41 AM

Impact of this issue is higher than low: you cannot use the Security Reports functionality accurately.

noral wrote Aug 28, 2015 at 8:41 PM

The fix is simple but requires the solution to be recompiled.

Change this line in the file ... Action->Administration->Security->ActionSecurity.cs
DirectoryEntry entry = new DirectoryEntry("LDAP://dc=" + domainName);
to (this may be different in your environment)
DirectoryEntry entry = new DirectoryEntry("LDAP://dc=" + domainName + ",dc=com");
I am using VS2010 so I had to target for .Net 3.5 then I recompiled

Enjoy!

Noral