Month: March 2015

Profiles population, helpful search filter (MS AD).

I’m currently installing Connections 5 for a customer. It’s a great place as the onsite guys really know their stuff. Anyway, their LDAP is in a bit of a state. Typical example of an organisation that has grown, gone through many Active Directory upgrades and no hard and fast rules for user management.

For Connections to be useful, you need relevant and current users in the Profiles database.

With populating the profiles DB, you’ve got 2 types of people. You’ve got the Wizards, and the Command lines. I’m a Wizard guy, just because it has come along way since I first used it (2.5) and hey, it automates half of my job. I still like to know and understand what the Wizards are doing, but if they automate it, awesome.

So I’m doing this install, and I run the Wizard with the default search scope.

The default search filter I used was below. I wanted to see how many records…


As you do, I iterate the log file..

LFRN0027I: After operation, success records is 634, duplicate records 0, failure records is 366.

That’s interesting…these guys only have 400 users?

Opened the PEOPLEDB, and there were heaps..I means heaps… of deactivated users. Doesn’t look like a user account had been deleted. Ever.

So, reset everything, dropped the DB and recreated it.

I had to work out how to populate without syncing accounts that were disabled. I also wanted mail to be populated.

Here is the search string that did it..


The parameter (!(userAccountControl:1.2.840.113556.1.4.803:=2) is a feature with MS AD, and is called a bitwise filter. Essentially, we’ve selected the users with the  useraccountcontrol flag enabled. This link explains it better than I ever could.

After operation, success records is 406, duplicate records 0, failure records is 24, and last successful entry is

This worked, users synced dropped to the correct numbers. Happy days.






wsadmin ProfileAdmin error “NameError: bAskForNodeComm”

I stumbled across this issue when trying to update a users information in Connections after a UID change.

I’d successfully updated the PROF_UID and PROF_UID_LOWER with the new information, and TDI had synched across the new user data.

To then get the other Connections Applications to update their user information for this user, I ran the ProfilesService.publishUserData(“”)

I received a very descriptive error.ErrorProfiles

So I noticed that the unlike the other Connections admin commands, the script had not asked me for “What node did you want to connect to?”

I tried various things, but was not able to get the ProfilesAdmin script to select a node.

I found this error  which seemed to match what I was getting, so I tried the suggested fix.

See below, it worked. This technique also will work with other ProfileAdmin commands.