neos-sdi / adfsmfa

MFA for ADFS 2022/2019/2016/2012r2
MIT License

Problem with full query user #229

Closed Tryglav closed 2 years ago

Tryglav commented 2 years ago

Hi. After upgrading MFA to version 3.1.2204.1, I've noticed there is a problem with displaying the full query of users. The console shows something like this: (screenshot: console)

The PowerShell cmdlet 'get-mfausers' shows null. (screenshot: powershell)

When I search for a specific user by cmdlet, or when I limit the user search filter on the console to users with a specific name, it works OK.

This event shows when I open the full users filter or execute the full 'get-mfausers': (screenshot: event)

What can cause this problem?

redhook62 commented 2 years ago

Your screen only shows deactivated users. In PowerShell, add the appropriate flag to list disabled users.

Tryglav commented 2 years ago

I forgot that the default filter shows deactivated users. However, I have more than 2000 active users, but PowerShell shows null.

redhook62 commented 2 years ago

Very strange!

I just retested, in SQL and ADDS mode, PowerShell in Admin mode or not. I don't have any particular problem. Have you looked at the logs (EventLog)? Maybe there is some information.

What is surprising is that you have the users with the console and not with PowerShell. Access to the repository (ADDS or SQL) is achieved by the same code whether for the console, the UI or PowerShell.

Do you have more details?

regards

Tryglav commented 2 years ago

No, the only event I've got is that 5001 about index out of range. My configuration is ADDS as MFA storage, two ADFS nodes, WID.

Tryglav commented 2 years ago

What is interesting is that I have this situation on two separate environments, both with a similar configuration and the same MFA version.

redhook62 commented 2 years ago

Hi @Tryglav

Error 5001 occurs when reading attributes for each user. So, either the attributes are incorrect in the configuration (but it seems to work with the console), or the operator does not have rights on all users.

Can you try with pagination and filtering?

Also check the maximum number of lines allowed (in attribute configuration).

regards

Tryglav commented 2 years ago

Hi @redhook62

Yes, I increased the maximum rows in the attribute configuration, but it didn't help. But the console does not work either: on my dev environment, the console default query, when it is set to show deactivated users, finds only a few active and a few deactivated users. But when I change the filter to a different value it works OK. I have 2000 test users (user0001-user2000) and all are active; when I change the filter value to the phrase 'user' it finds all 2000 without any problem. PowerShell is the same situation: when I execute 'get-mfauser' it shows only a few active users, same as on the console.

redhook62 commented 2 years ago

Hi @Tryglav

I couldn't find anything regarding your problem.

However, in April, one of my clients had a big problem with a .NET Framework update. ADFS processes were crashing. Domain controllers had received an update, which broke ADFS.

We had to apply KB5011495 on all Windows Server machines. A particular point: the problem was known to Microsoft, but the fix was not offered in Windows Update...

Read what is described, maybe it can help you.

regards