State of knowledge

November 2020

Observation

Although an Active Directory user account exists, it does not appear in the UCServer user management.

Consequently, the user cannot log in. This happens seemingly arbitrarily, i.e. sometimes a user is visible and can log in, sometimes not.

Possible reason: limit on the number of objects during replication

For performance reasons, the replication of Active Directory objects in the UCServer is limited to 5000 objects by default. Note that "objects" here is broader than users: groups, contacts, etc. also count toward the limit.

For example, if your Active Directory contains 5000 objects and the user missing from the UCServer is the 5001st object, that user is no longer replicated.

Procedure

Please check the number of objects in your Active Directory. If you find that the number of objects exceeds 5000, you can increase the limit implemented in UCServer by adding the following registry key:

  • Registry Key:
    •  HKEY_LOCAL_MACHINE\Software\ESTOS\UCServer4\Server\ADMaxRead
  • Type: [REG_DWORD]
  • Value: 5000
  • Minimum: 100
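
The check and the registry change described above can be scripted. The following PowerShell is an added example, not code from ESTOS. It assumes the ActiveDirectory module is installed, that UCServer replicates the whole domain, and that users, groups and contacts are the object classes that matter; the `-Headroom` and `-Apply` parameters are hypothetical names chosen for this sketch.

```powershell
#Requires -Modules ActiveDirectory
# Added example; run in an elevated session on the UCServer host.
param(
    # Assumption: replication covers the whole domain; pass the configured base if narrower.
    [string]$SearchBase = (Get-ADDomain).DistinguishedName,
    [int]$Headroom = 1000,   # hypothetical growth margin added on top of the count
    [switch]$Apply           # without -Apply the script only reports
)

$keyPath   = 'HKLM:\Software\ESTOS\UCServer4\Server'   # path from the article
$valueName = 'ADMaxRead'
$default   = 5000   # limit in effect when the value is absent
$minimum   = 100    # minimum stated in the article

if (-not (Test-Path $keyPath)) {
    throw "Registry key $keyPath not found; is UCServer installed on this host?"
}

# Effective limit: the registry value if present, otherwise the default.
$current = $default
$prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -ne $prop) { $current = [int]$prop.$valueName }

# Assumption: these classes approximate what UCServer counts. objectClass=user
# also matches computer accounts, so the result errs on the high side.
$filter = '(|(objectClass=user)(objectClass=group)(objectClass=contact))'
$count  = (Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -ResultPageSize 1000 |
           Measure-Object).Count

Write-Output ("{0} objects under {1}; effective ADMaxRead = {2}" -f $count, $SearchBase, $current)

if ($count -le $current) {
    Write-Output 'Object count is within the limit; no change needed.'
    return
}

$newLimit = [Math]::Max($minimum, $count + $Headroom)
if ($Apply) {
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
        -Value $newLimit -Force | Out-Null
    Write-Output "ADMaxRead set to $newLimit."
} else {
    Write-Output "Limit exceeded. Re-run with -Apply to set ADMaxRead to $newLimit."
}
```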