cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

User Sync Tool - Users not added

J_David_L
New Here ,
Jan 22, 2025 Jan 22, 2025

Hello all,

 

I am running into an issue with the usage of the User Sync Tool. I have a process that is supposed to create and remove federatedID accounts of users based on when they on-board/off-board from our organization. It removes the accounts of Adobe Only users just fine, but it will not create accounts for new users. I've tried searching the documentation for the tool and can't see any reason why users would not be added to Adobe from the directory. In the log it shows that the number of directory users is greater than the number of Adobe users.

 

Is anyone aware of anything that would prevent users from being created in the Adobe portal?

 

Command line arguments:

sync --users all --adobe-only-user-action remove --update-user-info

 

And from the user-sync-config.yml

invocation_defaults:

adobe_only_user_action: preserve

adobe_users: all

connector: ldap

process_groups: False

strategy: sync

test_mode: True

update_user_info: False

users: mapped

TOPICS
Admin console , Users and groups
1.2K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 5 Replies 5
latest latest Jump to latest reply
Anshul_Nautiyal Adobe Employee
Adobe Employee ,
Jan 22, 2025 Jan 22, 2025

Hi @J_David_L,

It sounds like you're encountering an issue with the User Sync Tool where new federatedID accounts are not being created in the Adobe portal. Here are a few things to check and some resources that might help:

 

Ensure that the account running the User Sync Tool has the necessary permissions in the Adobe Admin Console to create users. Without the correct permissions, the tool may not be able to create new users.

Verify that your LDAP setup is correctly syncing with the Adobe Admin Console and that there are no issues with the LDAP server or user mappings. Ensure that new users are being properly mapped in the LDAP directory before the sync.

Double-check your user-sync-config.yml file to ensure all necessary configurations are correctly set. Specifically, verify that the connector and strategy settings are properly configured.

Review the logs for any specific error messages that might indicate why the accounts are not being created. The logs can provide insights into issues such as configuration errors.

 

For further assistance, you can refer to the following Adobe help articles:

User Sync Tool Setup and UMAPI & UST Errors.

 

Please let us know if you have any additional queries.

Regards,
^AN

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
J_David_L
New Here ,
Jan 23, 2025 Jan 23, 2025
In Response To Anshul_Nautiyal

Hi Anshul,

 

Thank you for the quick reply! I've looked into your suggestions.

 

  1.  "Ensure that the account running..." - I double-checked our project account and it has the UMAPI service associated with it. Is there any other permissions that it needs to have? I thought UMAPI would include user creation and deletion.
  2. "Verify that your LDAP setup..." - I don't think the LDAP is the issue. It is able to update user information successfully, it just won't create new uers. Additionally, the number of "directory" users which we are getting from LDAP is about what we would expect.
  3. "Double-check your user-sync-config.yml..." - I'm wondering if this is the issue. We don't have any user mapping for this process to assign user groups. Would that prevent users from being created in the portal?
  4. Our logs are set to INFO and I don't see anything obvious. I'll try again with DEBUG and see if any relevant information is shared.

 

Thanks again,

David

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Anshul_Nautiyal Adobe Employee
Adobe Employee ,
Jan 23, 2025 Jan 23, 2025
In Response To J_David_L

Hi @David33323793b4bl,

 

Thank you for following up and providing additional details. Based on your observations here are some refined suggestions to address the issue:

Ensure that the account running the User Sync Tool has System Administrator or User Group Administrator rights in the Adobe Admin Console for managing users effectively. Verify that the UMAPI (User Management API) integration is correctly configured with valid credentials.

 

In LDAP Configuration, check that required attributes (e.g., email and userPrincipalName) are properly mapped and that new users are included in the LDAP group or directory targeted by the sync. Confirm alignment between LDAP settings and the User Sync Tool's configuration.

 

Set the log level to DEBUG in your configuration or on the command line. Review the logs for entries related to "user creation" or errors that might provide insights into why users are not being added. Look for entries such as "action=add user" or "result=error.

 

Refer to the Adobe User Sync Tool documentation for guidance on specific parameters such as users, process_groups, and update_user_info. These settings may need adjustments to align with your organizational requirements.

 

Please let us know if you have any additional queries.

 

Regards,


^AN

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
J_David_L
New Here ,
Jan 24, 2025 Jan 24, 2025
In Response To Anshul_Nautiyal

Hi Anshul,

 

I tried a different key that successfully adds users on a different process and it still didn't work, so it is definitely not a permissions/credentials issue.

 

DEBUG did not provide any more insights. I've looked through the documentation and haven't seen anything that indicates why users would not be added.

 

I'll double check our LDAP settings and continue to see what the issue is. I also will update to the newest version of the tool to see if that makes a difference. I will try to remember to come back and update this if I find a solution.


Thanks!

David

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Anshul_Nautiyal Adobe Employee
Adobe Employee ,
Jan 24, 2025 Jan 24, 2025
LATEST
In Response To J_David_L

Hi @David33323793b4bl,

Thank you for the update and for detailing the steps you've taken so far. It’s helpful to know that a different key worked in another process, ruling out a permissions or credentials issue.

Here are a few additional considerations that might help you troubleshoot further:

LDAP Attribute Verification: Double-check that all necessary attributes (e.g., email, userPrincipalName) are present for the new users in LDAP. Even if LDAP is functioning for updates, missing attributes for new users might be a factor.

Filter Logic: Review the filter logic in your LDAP configuration to ensure new users are being included in the sync query. You can also test the LDAP query independently to confirm the correct user data is returned. Log Analysis:
Even if DEBUG didn’t yield direct insights, search the logs for keywords like user creation, add user, or error. Sometimes, warnings that aren’t marked as critical can still hint at configuration issues.

Test Run: Perform a test synchronization for a single user in test mode to identify potential issues without making widespread changes. Instructions for conducting a test run are available here.

 

Additionally, you can check out the following document.

Please keep me informed of your progress, and don't hesitate to share further details if you require additional assistance.

Regards,
^AN

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
In Case You Missed It...
Enterprise and teams | Updates and releases | ICYMI...
Open in a new window
User Guides
Administration User Guide
Open in a new window
Shared Device Licensing | Deployment guide
Open in a new window
Named User Licensing Migration Guide
Open in a new window
Important Information
Community Guidelines
Open in a new window
Admin Console Status
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices