Jump to content

Active Directory Sync Process still running


Recommended Posts


As a Passwordstate Security Administrator, you receive an email from the system advising that the Active Directory Sync process was still running at the time the next sync process began.  This could mean that not all members of the security groups you have added into Passwordstate are synchronizing properly.


Sync Process Behaviour:

The Passwordstate Windows service attempts to synchronize any Active Directory Security Group on the schedule you have set under Administration -> System Settings -> Active Directory Options.  It will also attempt to synchronize the following attributes for each user account in Passwordstate, regardless if they are a member of a Security Group or not:


Display name
Given name
Email address
User principal name
Sam account name
Physical delivery office name
Enabled status

Please note the fields below are synchronized when users are added into Passwordstate. If the user accounts already exist in Passwordstate, then the Department, Office, Email Address, User Principle Name and enabled/disabled status will be updated, if they change in AD.

Click Studios has tested synchronizing 4500 user accounts, and this process took 6 - 7 minutes. 


Steps to Troubleshoot:


Suggestion 1:

How many Security Groups and Users do you have in Passwordstate?  If you have several thousand, consider changing the Sync time to be longer, under Administration -> System Settings -> Active Directory Options.  Restart your Windows Service after making this change which is no disruptive to your system


Suggestion 2:

By default, Passwordstate uses the Read Active Directory Security Groups and User Accounts privileged account to query Active Directory.  To find out which account you have set to query your Active Directory, look under Administration -> Active Directory Domains and look for the name of the Privileged Account on that screen. 


Then, under Administration -> Privileged Account Credentials, open the relevant account and this will show you the domain account used to query Active Directory. Try elevating the permissions of this account in Active Directory to be a Domain Administrator, and allow a couple more sync processes to occur.  Does this fix the issue? 


Suggestion 3:

Are there any exceptions in the Application Event log on your Passwordstate web server, for the Passwordstate Service that indicate errors with the sync process?


Suggestion 4:

Are there any errors in the Administration -> Error Console which help diagnose the issue? (Send to Click Studios Support if you need help understanding these errors)


Suggestion 5:

Do manual syncs of each Security Groups work? Try to systematically isolate the problem to one security group, by manually synchronizing each group, one at a time.  This can be performed under Administration -> Security Groups as per below screenshot:



Suggestion 6:

Do any of your Security Groups have users from other domains?  Although this could work, it's not officially supported at this time.  Adjusting permissions for the privileged account may help if you do have members from other domains.



Click Studios will add more fixes/suggestions to this post if we can gather more information.  If we can replicate the issue on our own test environments, then possibly we could make some changes in our software to fix the issue.


Please contact Click Studios if you'd like to discuss your failed sync process further.





Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...