Knowledge Base

Yes

Environment

App Control Server: 8.9.x
Microsoft Active Directory: All Supported Versions

Symptoms

After Server Upgrade to 8.9.x AD user accounts can not log in to App Control Console
Recreating the User Role Mappings with the relevant Active Directory Folder/Group does not resolve.
AppControlAD-TIMESTAMP.log results show the EscapeFilter including the Hex code for a special character, such as a slash:
```
EscapeFilter - EscapeFilter(CN=User\5c, Name....
```

Cause

Active Directory Organizational Units have one or more of the following characters:

\/:*?<>|~:!@#$%^&'(){}

Resolution

Upgrade to 8.10 where this issue has been resolved (EP-17684\EA-22686)

As a workaround the Shepherd Config, AllowADScript could be used to force the "old logic" for Active Directory using vbscript. This should be reverted after upgrading to 8.10.

Navigate to https://AppControlServer/shepherd_config.php
Select the property AllowADScript
Change the value to true.
Restart the App Control Server & Reporter services.
Verify the AD accounts are able to login correctly.

Additional Notes

When AllowADScript is set to true Active Directory logging will be included in ServerLog-TIMESTAMP.bt9 and the EscapeFilter will log the special characters similar to:
```
EscapeFilter - EscapeFilter(CN=User\, Name....
```

Knowledge Base

App Control: AD Logins Fail When Active Directory OUs Have Special Characters

App Control: AD Logins Fail When Active Directory OUs Have Special Characters

Environment

Symptoms

Cause

Resolution

Additional Notes

Related Content

App Control

Knowledge Base

App Control: AD Logins Fail When Active Directory OUs Have Special Characters

App Control: AD Logins Fail When Active Directory OUs Have Special Characters

Environment

Symptoms

Cause

Resolution

Additional Notes

Related Content

App Control

Thank you for your feedback.

Thank you for your feedback.