Troubleshoot Active Directory Connections
Posted by Diane Hancock on 13 June 2017 01:47 PM

If Digital Workplace hangs at startup, the error log or event viewer shows a binding error, and the Directory Server type is Active Directory, then the problem is likely with the network. If Digital Workplace takes a long time to start up when login is not required, then it may be an issue querying the Active Directory server.

Here are some things to try on the machine with the problem to isolate the issue:

  • ping -a directory_server_name
    • If that fails, ping directory_server_ip
    • If that succeeds, then a short-term solution is to put the IP in the etc\hosts file on that machine. Use this only until IT can work out their DNS issue.
  • tracert directory_server_name
    • If this fails, then there is some DNS or routing issue that IT needs to resolve.
  • Run LDAPTest.exe (F:\Support\Tools\LDAPTest.exe)
    • Set Server and Port to match Central Config's directory server information
    • Select Root DSE Info button
    • If that does not return or takes many minutes to return, then ask IT to troubleshoot this LDAP query on their network from that machine:
      • Query: LDAP://directory_server_name:389/rootDSE
      • User: null
      • Password: null
      • Authentication type: None
    • If the previous query works, then try getting the user's information as follows:
      • Fill in these values:
        • Server = see Directory server in Central Config
        • Port = see Central Config
      • Select the Fetch Contexts button
      • Fill in these values
        • Context = see Central Config's Base Dn/Context
        • Auth type = see Central Config
        • Login Auth type = see Central Config
        • Filter = (&(samaccountname=<username>)(objectClass=person))
          • Replace <username> with the user's login
        • Scope = Subtree
        • Default Creds = checked
      • Select the Search button. If this takes a long time (more than 5 seconds), then ask IT to troubleshoot this LDAP directory search with the specified filter on their network from that machine.
      • The box at the bottom of the window should populate with the user's information.  Verify the following:
        • objectsid = SID stored in the identity_table
        • memberof = groups the user is a member of
        • dn = distinguished_name in the identity_table
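
The same checks (name resolution, reachability of the LDAP port, the anonymous rootDSE query, then the user search with its 5-second threshold) can be timed in one pass from the affected machine. This is an added PowerShell example, not part of the original article or the product's tooling; the parameter defaults are placeholders for the Central Config values, the helper function names are illustrative, and Negotiate with the current Windows logon is assumed to correspond to "Default Creds". The login is escaped per RFC 4515 before it is placed in the filter.

```powershell
# Added example; the four parameter defaults are placeholders for the Central Config values.
param([string]$Server = 'directory_server_name', [int]$Port = 389,
      [string]$BaseDn = 'DC=example,DC=com', [string]$UserName = 'jdoe')
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns = 'System.DirectoryServices.Protocols'

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515: escape \ * ( ) and NUL so the login cannot change the filter's structure
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) { [void]$sb.AppendFormat('\{0:x2}', [int]$c) }
        else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}
function Measure-Step([string]$Name, [scriptblock]$Action) {
    # Runs one check, prints elapsed time and outcome, and returns the check's result
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try { $result = & $Action; $status = 'OK' }
    catch { $result = $null; $status = "FAILED: $($_.Exception.Message)" }
    Write-Host ('{0,-18}{1,8} ms  {2}' -f $Name, $sw.ElapsedMilliseconds, $status)
    $result
}
function New-Ldap([string]$AuthType) {
    # 'Anonymous' for rootDSE; 'Negotiate' binds as the current Windows logon (assumption)
    $id = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $Server, $Port
    $conn = New-Object "$ns.LdapConnection" -ArgumentList $id
    $conn.AuthType = $AuthType
    $conn.Timeout = [TimeSpan]::FromSeconds(60)
    $conn
}
[void](Measure-Step 'DNS lookup' { [System.Net.Dns]::GetHostAddresses($Server) })
[void](Measure-Step "TCP port $Port" {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($Server, $Port) } finally { $tcp.Close() } })
[void](Measure-Step 'rootDSE (anon)' {
    $req = New-Object "$ns.SearchRequest" -ArgumentList '', '(objectClass=*)', 'Base', $null
    (New-Ldap 'Anonymous').SendRequest($req) })
$filter = '(&(samaccountname={0})(objectClass=person))' -f (ConvertTo-LdapFilterValue $UserName)
$sw = [System.Diagnostics.Stopwatch]::StartNew()
$resp = Measure-Step 'User search' {
    $attrs = [string[]]@('objectsid', 'memberof', 'distinguishedname')
    $req = New-Object "$ns.SearchRequest" -ArgumentList $BaseDn, $filter, 'Subtree', $attrs
    (New-Ldap 'Negotiate').SendRequest($req) }
if ($sw.Elapsed.TotalSeconds -gt 5) { Write-Warning "Search took more than 5 seconds: $filter" }
foreach ($e in $resp.Entries) {
    # Values to compare against the identity_table
    $sidBytes = $e.Attributes['objectsid'].GetValues([byte[]])[0]
    $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sidBytes, 0
    Write-Host "dn = $($e.DistinguishedName)`nobjectsid = $sid"
    if ($e.Attributes.Contains('memberof')) { $e.Attributes['memberof'].GetValues([string]) | ForEach-Object { Write-Host "memberof = $_" } }
}
```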


ldp.exe is a Microsoft Active Directory tool. Install Remote Server Administration Tools and enable it through Programs and Features.

See Triaging Exchange Performance Issues Related to Active Directory
