Troubleshooting Microsoft Active Directory user synchronization

When you synchronize users from Microsoft Active Directory into IBM® Maximo® Application Suite, the number of users that are created in Maximo Application Suite might be fewer than the expected number of users.

Symptoms

Microsoft Active Directory might limit the Maximo Application Suite user search.

Causes

The Maximo Application Suite customMaxSearchResults configuration is set to 10000 by default. This configuration can be used to increase the number of users that can be synchronized from the LDAP server into Maximo Application Suite. However, if the limit of the user search value of the Microsoft Active Directory MaxPageSize property is less than the customMaxSearchResults property value, the MaxPageSize property takes precedence. If the value of customMaxSearchResults is greater than MaxPageSize, the page size is used to limit the number of users in the search result.

Resolving the problem

Starting in IBM Maximo Application Suite 8.9, you can use two methods to resolve the limitation in user registry synchronization when you use Microsoft Active Directory.
  • Increase MaxPageSize in Microsoft Active Directory.
  • Alternatively, change the ldapType setting to Microsoft Active Directory in the ScimConfig custom resource (CR) in Red Hat® OpenShift®. The customMaxSearchResults property takes precedence over MaxPageSize of Microsoft Active Directory.

    The Maximo Application Suite user registry synchronization settings customMaxSearchResults and ldapType are not shown in the user interface. The settings must be configured in Red Hat OpenShift.

    1. In Red Hat OpenShift, from the side navigation menu, click Administration > CustomResourceDefinitions.
    2. On the CustomResourceDefinitions page, search for and open the ScimCFG custom resource definition.
    3. On the Instances tab, search for and open the CR that starts with the Maximo Application Suite instance ID.

      For example, scimcfgs.config.mas.<your_company_name>.com

    4. On the YAML tab, in the spec: under config:, add ldapType: 'Microsoft Active Directory'.

      By adding the ldapType property, the maximum number of users that are synchronized matches the value of the customMaxSearchResults property even if the Microsoft Active Directory limit is less.

      For example, in the following ScimCFG custom resource, the customMaxSearchResults value is set to 30000 to increase the maximum number of synchronized users even if MaxPageSize in the Microsoft Active Directory is set to 10000 users. 
      ...
spec:
 config:
   ldapType: 'Microsoft Active Directory'
   customMaxSearchResults: '30000'