A blog for random cybersecurity. networking. infrastructure. notes.

{#AD_USER_OR_GROUP_NOT_FOUND#} Could not find user or group in AD

The Problem

When browsing to the Remote Access Groups in Horizon View 8.0, the following error is displayed: {#AD_USER_OR_GROUP_NOT_FOUND#} Could not find user or group in AD

The Specifications

  • Horizon View 8.0.0-16592062

The Fix

The referenced user account is a local user in the local vmware.int domain, not to be confused with any corporate domains which the connection server is connected to for user privileges. Let’s go through the steps below to resolve the issue.

  • First, you’ll want to view the logs of the Connection Server to collect the ID in question.
    • Browse to C:\ProgramData\VMware\VDM\logs and open the log that covers the time when the error occurred (for more information about collecting VMware logs, see https://kb.vmware.com/s/article/1017939?lang=en_us).
    • Search for #AD_USER_OR_GROUP_NOT_FOUND#. Near the error you will see a unique entry for id=UserOrGroup, something like:
      • id=UserOrGroup/Uy0xLTUtMjEtMTYxNDg5NTc1NC0yMTM5ODcxOTk1LTE4MDE2NzQ1MzEtNDYxMA
  • Use your favorite transcoding tool, like https://www.base64decode.org/, and convert the UserOrGroup entry to the SID which you’ll be searching for.
  • Use the ADSI Edit tool to locate the user and remove it from the internal directory.
    • Log in to the connection server operating system and click Start > Windows Management Tools > ADSI Edit (connecting to the View ADAM database).
    • In the console tree, right-click ADSI Edit, and then click Connect to.
    • In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi,DC=vmware,DC=int
    • In the Select or type a domain or server text box, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server computer followed by port 389 (for example: localhost:389 or mycomputer.mydomain.com:389), then click OK.
    • Select and expand DC=vdi,dc=vmware,dc=int.
    • Select and expand CN=ForeignSecurityPrincipals.
    • Find CN=[the SID you transcoded], and then delete it.
  • Performing the same search for the Remote Users and Groups should now be successful!
  • And that should resolve the issue!
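
The decode step above can also be done locally in PowerShell on the Connection Server, which keeps the directory identifier off a third-party website. This is an added example, not part of the original post: the function names and sample log lines are constructed, and it assumes the ID is unpadded Base64 of the ASCII SID string, as the sample ID in the post is.

```powershell
# Added example, not from the original post.
# Decodes Horizon "UserOrGroup/<Base64>" IDs found in log lines to SID strings.
function ConvertFrom-UserOrGroupId {
    param([Parameter(Mandatory)][string]$Id)

    # Accept the bare Base64 text or the full "id=UserOrGroup/..." token.
    $b64 = $Id -replace '^(id=)?UserOrGroup/', ''

    # The logged value carries no "=" padding, but FromBase64String requires
    # a length that is a multiple of 4, so restore the padding first.
    $b64 += '=' * ((4 - ($b64.Length % 4)) % 4)

    $bytes = [System.Convert]::FromBase64String($b64)
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)

    # Only accept a well-formed SID string; anything else should not be
    # used as the CN= to delete in ADSI Edit.
    if ($text -notmatch '^S-1-\d+(-\d+)+$') {
        throw "Decoded value is not a SID string: '$text'"
    }
    # Constructing a SecurityIdentifier validates the SID a second time.
    ([System.Security.Principal.SecurityIdentifier]::new($text)).Value
}

function Get-HorizonUnresolvedSid {
    # AllowEmptyString lets blank log lines through the Mandatory check.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$LogLine)

    $LogLine |
        Select-String -Pattern 'id=(UserOrGroup/[A-Za-z0-9+/]+)' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { ConvertFrom-UserOrGroupId -Id $_.Groups[1].Value } |
        Sort-Object -Unique
}

# Constructed sample lines (layout is illustrative, not the real log format);
# the ID is the one shown in the post.
$sample = @(
    'CONSTRUCTED ERROR {#AD_USER_OR_GROUP_NOT_FOUND#} Could not find user or group in AD',
    'CONSTRUCTED DEBUG lookup id=UserOrGroup/Uy0xLTUtMjEtMTYxNDg5NTc1NC0yMTM5ODcxOTk1LTE4MDE2NzQ1MzEtNDYxMA'
)
Get-HorizonUnresolvedSid -LogLine $sample

# Against a real log (the file name is a placeholder):
# Get-HorizonUnresolvedSid -LogLine (Get-Content 'C:\ProgramData\VMware\VDM\logs\<log file>')
```

Because the function rejects anything that does not decode to a SID string, a truncated or mis-copied ID fails loudly instead of yielding a wrong CN to delete.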

If you found this post helpful, please buy a total stranger a cup of coffee the next time you are at the cafe.  Maybe even strike up a conversation!
