Examples: Testing and troubleshooting user listing

One way to check whether users were successfully listed during auto discovery is to view the Reports > Users > Accounts report. If auto discovery was successful, you should see a number of accounts listed as auto-associated.

The following examples demonstrate two other ways of configuring and testing user listing:

Running auto discovery from the web interface

To test that your target is listing users correctly, you can run auto discovery from the Manage the system (PSA) module and confirm that users have been listed by looking at the generated file:

  1. Click Manage the system > Resources > Target systems > Manually defined.

  2. Select the AD target to update the target settings.

  3. On the General tab, deselect List accounts.

  4. Click Update.

  5. Navigate to the \<instance>\psconfig\ directory.

  6. Delete all files named AD.*.

  7. From the Manage the system (PSA) module, click Maintenance > Auto discovery > Execute auto discovery.

  8. Click Continue.

  9. Click Maintenance > Auto discovery > Last log, and refresh the page until the log shows "done psupdate."

  10. Check the \<instance>\psconfig\ directory.

    There will not be a file named AD.db in \<instance>\psconfig\, because the old one was deleted and user listing was turned off for the Active Directory target.

  11. Click Manage the system > Resources > Target systems > Manually defined.

  12. Select the AD target.

  13. Select List accounts, List account attributes, List groups, List group attributes, and Create profile IDs from enabled accounts only.

  14. Click Update.

  15. Execute auto discovery: Maintenance > Auto discovery > Execute auto discovery > Continue.

  16. Once the process is complete, check the \<instance>\psconfig\ directory.

    The AD.db file should now exist in \<instance>\psconfig\ because you turned on user listing for the Active Directory target again.

  17. Confirm the auto discovery successfully listed users by opening the file using the instructions below.

    If auto discovery is successful, this file lists users with accounts on the Active Directory target system. A file is added for each target system on which listing is enabled.

    1. Select the AD.db file in \<instance>\psconfig\ and press Enter or double-click to open.

      You will see a prompt saying, "You are attempting to open a file of type ’System file’ (.db)."

    2. Click Show apps.

    3. Check the box at the bottom labeled Always use this app to open .db files.

    4. Scroll to the bottom of the list and click Look for another app on this PC.

    5. Browse for and open the DB Browser for SQLite directory.

    6. Select the DB Browser for SQLite.exe program.

    7. Click Open. The file opens in DB Browser for SQLite.

    8. Click the Browse Data tab and use the Table: drop-down menu to select the discobj table.

    9. Confirm that you now see a table of discovered groups and accounts from the AD target.

    10. Close the file once you have confirmed the table contains the discovered data.

  18. Confirm that auto discovery listed users successfully from your target systems by searching the idmsuite.log for the line in which the agent listed items from your target.

    Open: C:\Program Files\Bravura Security\Bravura Security Fabric\Logs\<instance>\idmsuite.log

    You should see lines in the psupdate section for each agent indicating list succeeded. The lines will look something like this:

    _2023-06-29 22:51:58.936.4644 - [psupdate7020_7208] agtaddn.exe [2164,992]
    Info: [listobj] for Object [GRP] succeeded
    _2023-06-29 22:51:59.453.9875 - [psupdate7020_7208] agtaddn.exe [2164,4708]
    Perf: PerfConnector. Address: {[server=bravura.corp;listOUs=include:UserOUs.kvg;
    listGroupOUs=["*,ou=Demo,dc=bravura,dc=corp";];listDeleted=NODELETED;
    nameFormat=NT4;groupNameFormat=DN;grpowner_attr=managedBy;persistentSearchWait=7200;]}
      | AdminID: {psadmin} | Duration: {1038} | Event: {connector-operation} | Message: {}
      | Operation: {listobj} | Result: {0} | SysID: {} | TargetID: {AD}
    _2023-06-29 22:51:59.454.0327 - [psupdate7020_7208] agtaddn.exe [2164,4708]
    Info: PerfConnectorExt. AcctID: {} | Duration: {1038} | Event: {connector-extended}
      | ObjChildID: {} | ObjChildType: {} | ObjCount: {923} | ObjRelType: {} 
      | ObjectID:{} | ObjectType: {ACCT} | Operation: {listobj} | TargetID: {AD}
    _2023-06-29 22:51:59.454.0392 - [psupdate7020_7208] agtaddn.exe [2164,4708]
    Info: [listobj] for Object [ACCT] succeeded

    Tip

    There is also a Run discovery button in the Manage the system > Resources > Target systems > Manually defined section for running auto-discovery against individual targets.
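
The log check in step 18, scripted as an added example (not part of the product or its documentation): it joins wrapped idmsuite.log entries, then collects the listobj success lines and the ObjCount logged for one target. The sample log is constructed from the excerpt above, the function names are hypothetical, and the field layout is assumed to match that excerpt.

```python
import re

# Constructed sample in the format of the idmsuite.log excerpt above.
SAMPLE_LOG = """\
_2023-06-29 22:51:58.936.4644 - [psupdate7020_7208] agtaddn.exe [2164,992]
Info: [listobj] for Object [GRP] succeeded
_2023-06-29 22:51:59.453.9875 - [psupdate7020_7208] agtaddn.exe [2164,4708]
Perf: PerfConnector. Address: {[server=bravura.corp;]} | AdminID: {psadmin}
  | Operation: {listobj} | Result: {0} | SysID: {} | TargetID: {AD}
_2023-06-29 22:51:59.454.0327 - [psupdate7020_7208] agtaddn.exe [2164,4708]
Info: PerfConnectorExt. AcctID: {} | Duration: {1038} | ObjCount: {923}
  | ObjectID:{} | ObjectType: {ACCT} | Operation: {listobj} | TargetID: {AD}
_2023-06-29 22:51:59.454.0392 - [psupdate7020_7208] agtaddn.exe [2164,4708]
Info: [listobj] for Object [ACCT] succeeded
"""

ENTRY_START = r"(?m)^(?=_?\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.)"
HEADER = re.compile(r"_?\S+ \S+ - \[([^\]]+)\]")
FIELD = re.compile(r"(\w+):\s*\{([^{}]*)\}")
SUCCEEDED = re.compile(r"\[listobj\] for Object \[(\w+)\] succeeded")


def records(log_text):
    """Split the log into entries; wrapped lines are joined to their header line."""
    return [" ".join(p.split()) for p in re.split(ENTRY_START, log_text) if p.strip()]


def summarize_listing(log_text, target):
    """Collect listobj evidence written by psupdate for one target ID."""
    out = {"succeeded": set(), "counts": {}, "results": []}
    for rec in records(log_text):
        head = HEADER.match(rec)
        if not head or not head.group(1).startswith("psupdate"):
            continue
        done, fields = SUCCEEDED.search(rec), dict(FIELD.findall(rec))
        if done:  # these lines carry no TargetID, so they are tracked per object type
            out["succeeded"].add(done.group(1))
        elif fields.get("Operation") == "listobj" and fields.get("TargetID") == target:
            if "PerfConnectorExt" in rec and fields.get("ObjCount", "").isdigit():
                out["counts"][fields.get("ObjectType")] = int(fields["ObjCount"])
            elif "PerfConnector." in rec:
                out["results"].append(fields.get("Result"))
    return out


def accounts_listed(log_text, target):
    """True when an ACCT list succeeded and a non-zero ObjCount was logged for target."""
    s = summarize_listing(log_text, target)
    return "ACCT" in s["succeeded"] and s["counts"].get("ACCT", 0) > 0
```

An ObjCount of zero, or a missing ACCT success line, is worth investigating before relying on reports that depend on the discovered accounts.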

Running auto discovery from the command line

An alternative way to test auto discovery is to run the psupdate program from the \<instance>\util\ directory. You can pass arguments to this command to run only a specific part of the auto-discovery process.

To use the -list argument to list users on a single target:

  1. Delete all files named AD.* from the \<instance>\psconfig\ directory.

  2. From a Windows Administrator Command Prompt, navigate to:

    C:\Program Files\Bravura Security\Bravura Security Fabric\<instance>\util\

  3. Type:

    psupdate -list -target AD

  4. Check the \<instance>\psconfig\ directory.

    There should now be an updated file named AD.db in \<instance>\psconfig\ because you executed psupdate with the list option to create list files.