Users missing from search results when creating accounts in FNMS On-Premises

Users missing from search results when creating accounts in FNMS On-Premises

Symptoms:

When creating accounts in FlexNet Manager Suite On-Premises, under the Accounts -> All Accounts page, the search results do not contain all of the Users that you were expecting to see.

Diagnosis:

When generating the results for the fly-down search box when creating an account, the following query is run against the Compliance DB:

SELECT * FROM List_Users lu
WHERE lu.IsIncluded = 1 AND NOT lu.UserStatusID IN (2,3) AND NOT (lu.DomainFlatName IS NULL) AND (lu.DomainFlatName <> '') 
AND NOT (EXISTS
(SELECT * FROM Grid_OperatorRoles gor WHERE
((lu.DomainFlatName + '\') + lu.SAMAccountName) = gor.OperatorLogin))
ORDER BY lu.UserName desc, lu.ComplianceUserID DESC

(N.B. The above is taken from 2019 R2, and may not be entirely accurate for other versions.)

The most common explanation is that the 'missing' users fail to satisfy one or more of the conditions above. To summarise:

1) The user must exist in the view List_Users
2) The user's login must not be a part of the exclusion list defined under System Settings -> Users
3) The user must not have a status of Inactive OR Retired
4) The Domain Flat Name for the user cannot be NULL, and cannot be an empty string
5) The user must not already be linked to an operator (account) object with assigned roles

Solution:

Starting from the top, check all of the conditions laid out above. If the user does not exist under List_Users, then you should work backwards and check if the user exists in the ADUser_MT table in the InventoryManager DB.

If they do not, then you should ensure that all necessary AD domains have imports running against them.

Remember: FNMS respects the separation of AD domains - if you have a hierarchy of domains, then you must configure an import against each domain and subdomain seperately.

Was this article helpful? Yes No
100% helpful (3/3)
Comments

Hi!


Thank you for this detailed explanation. This helped a lot troubleshooting our issue. 

I've looked into our ADUser_MT. This table looks good to me. All necessary accounts can be found in this table.

The complianceUser_MT table looks good as well.

 

But: The view List_Users is empty though. (select * from List_Users). 0 results.

I guess there is a scheduled tasks that adds these users to the List_Users view. 

When I'm trying to create an account within FNMS I get a few results but not the accounts that need permission.

 

Do you have an idea how to troublshoot this even further?


Thank you!

 

Hello @max_hoopmann,

0 results doesn't seem right. Do you have *any* users showing up when you attempt to create an FNMS account?

The query used to create the List_Users view is as follows:

SELECT
	uis.*,
	cu.UserStatusID,
	cu.EmploymentStatusID,
	ISNULL(uis.DomainFlatName + '/', '') + uis.SAMAccountName AS OperatorLogin
	FROM
		dbo.UserInfoScoped AS uis
	LEFT OUTER JOIN dbo.ComplianceUser cu
		ON uis.ComplianceUserID = cu.ComplianceUserID

 

 

Perhaps try invoking the SetSessionContext stored procedure on the Compliance database to impersonate the service account, then try another SELECT against List_Users. Like so:

EXEC SetSessionContext @OperatorID=1, @TenantID=<YourTenantIDHere>

 

 

 

If you're not sure of the TenantID, then you can check the Tenant table. I would also recommend verifying steps 2-5 in the above article, most of the information can be found from ComplianceUser_MT as well as List_Users.

Failing all of the above, I'd recommend opening a support ticket.

HTH,

Joseph

I am seeing the same issue.  When attempting to create an account, no users show up in a search.  The List_Users view is empty, but the complianceUser_MT and ActiveDirectoryUser_MT look fine.  We did notice that a duplicate system in AD was causing our AD imports to fail.  But not sure if that caused the users to not appearing from the List_Users view or not.

Hello!

Just recently, like 5 days ago, we've found the solution to this issue. Obviously this might not be the solution in your case. But as this is quite easy to check you should give it a go.

In the far top right corner open the drop down menu. From there navigate to "System Settings" -> "Users". There is a blacklist of users (Note: There are wildcards!). One of these entries prevented creating the necessary accounts. 

Version history
Revision #:
4 of 4
Last update:
‎Jun 11, 2020 05:57 AM
Updated by:
 
Contributors