

The FNMS beacon calls ActiveDirectoryImport.exe, which uses a Windows system API to query AD. It first obtains a list of all the organizational units (OUs). The specific search run in each OU to obtain users is then:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

The attributes returned for each result are "cn", "distinguishedName", "sAMAccountName", "mail", "objectGUID", "objectSid" and "userAccountControl".

It then checks that each record has at least a cn, distinguishedName and userAccountControl. It also checks that the name is not a conflict by ensuring that the distinguishedName does not include "CNF:".

Finally, there is a check to make sure that the user is not a duplicate or a trust account and that they are a normal account.


The following checks could be made for users that may be missing from a .actdir file:

1. Is the OU for the user being reported? If not, then none of the users in that OU will be reported.
Are the missing users non-normal accounts, trust accounts or duplicate accounts?

2. If the OU is missing, we could investigate that further.
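
The checks above, written out as an added diagnostic (not Flexera's code and not part of the original article) that lists why a given user record would be absent from the .actdir file. The userAccountControl bit values are Microsoft's documented flags; mapping them to the article's duplicate, trust and normal-account checks is an assumption, and the OU list and records are constructed sample data.

```python
# Added example: mirrors the checks described in the article; not Flexera's code.
# Bit values are Microsoft's documented userAccountControl flags; which bits the
# importer tests for "duplicate", "trust" and "normal" is an assumption.
import re

ACCOUNTDISABLE = 0x0002          # the ":=2" bitwise-AND test in the LDAP filter
TEMP_DUPLICATE_ACCOUNT = 0x0100
NORMAL_ACCOUNT = 0x0200
TRUST_ACCOUNTS = 0x0800 | 0x1000 | 0x2000  # interdomain, workstation, server trust
REQUIRED = ("cn", "distinguishedName", "userAccountControl")


def parent_ou(dn):
    """Return the container part of a DN (text after the first unescaped comma)."""
    m = re.match(r"(?:\\.|[^,\\])*,(.*)", dn)
    return m.group(1) if m else ""


def exclusion_reasons(record, reported_ous):
    """List every reason a user record would be absent from the import."""
    missing = [a for a in REQUIRED if record.get(a) in (None, "")]
    if missing:
        return ["missing attribute(s): " + ", ".join(missing)]
    reasons = []
    dn, uac = record["distinguishedName"], int(record["userAccountControl"])
    if parent_ou(dn).lower() not in {ou.lower() for ou in reported_ous}:
        reasons.append("OU not reported")
    if "CNF:" in dn:
        reasons.append("conflict object (CNF: in distinguishedName)")
    flags = [(uac & ACCOUNTDISABLE, "disabled (removed by the LDAP filter)"),
             (uac & TEMP_DUPLICATE_ACCOUNT, "duplicate account"),
             (uac & TRUST_ACCOUNTS, "trust account"),
             (not uac & NORMAL_ACCOUNT, "not a normal account")]
    reasons += [text for hit, text in flags if hit]
    return reasons


# Constructed sample data (not from a real directory).
REPORTED_OUS = ["OU=Staff,DC=example,DC=com"]
SAMPLE = [
    {"cn": "Ann Lee", "distinguishedName": "CN=Ann Lee,OU=Staff,DC=example,DC=com", "userAccountControl": "512"},
    {"cn": "Bob Ray", "distinguishedName": "CN=Bob Ray,OU=Staff,DC=example,DC=com", "userAccountControl": "514"},
    {"cn": "Cy Dow", "distinguishedName": r"CN=Cy Dow\0ACNF:6f1c,OU=Staff,DC=example,DC=com", "userAccountControl": "512"},
    {"cn": "Di Poe", "distinguishedName": "CN=Di Poe,OU=Contractors,DC=example,DC=com", "userAccountControl": "512"},
    {"cn": "Eve Fox", "distinguishedName": "CN=Eve Fox,OU=Staff,DC=example,DC=com"},
]
```

An empty list means none of the described checks would exclude the record.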

Is this information correct for a later version like 2018 R1?  I don't understand the role the OU has in the import since I have not configured anything in FNMS to select an OU to use for Active Directory imports.

By Community Manager

This article describes the query used to retrieve user information. A more complete set of LDAP queries used is as follows:

Queries to retrieve the following organizational structure properties: distinguishedName, objectGUID, gPOptions



Query to retrieve the following user properties: cn, distinguishedName, sAMAccountName, mail, objectGUID, objectSid, userAccountControl


Query to retrieve the following computer properties: cn, distinguishedName, objectGUID, objectSid


Query to retrieve the following group properties: distinguishedName, objectGUID, objectSid, sAMAccountName


Query to retrieve the following sites properties: distinguishedName, cn


Query to retrieve the following subnet properties for each site returned from the previous query: distinguishedName, cn


Will this also work after?


Version history
Last update: Jun 02, 2018 01:02 PM