Troubleshooting LDAP Connections to Active Directory
If you cannot successfully integrate with an Active Directory (AD) server using the LDAP Server Connection Assistant in Jamf Pro, several options are available to troubleshoot this issue.
This article explains how to:
- Troubleshoot an LDAP connection to AD using Apache Directory Studio
- Troubleshoot a failed connection to the AD server
- Find the DN or username for the bind user in Active Directory Users and Computers (ADUC)
- Troubleshoot failed authentication with the bind DN or username
Troubleshooting Using Apache Directory Studio
After you finish creating the LDAP server connection, you should view the mappings and verify that the search bases are correct. If the users search base is OU=Test,OU=JAMFSW,DC=ad,DC=jamfsw,DC=corp, you can only search users in the Test folder. You can modify the search base to include a wider search range. For example, if you change the search base to DC=ad,DC=jamfsw,DC=corp, you can search all computers in the domain.
Troubleshooting a Failed Connection
The connection to the AD server may fail if:
- Apache Directory Studio cannot reach the AD server
- The port entered in Apache Directory Studio is incorrect
- The encryption method in Apache Directory Studio does not match the encryption method of the AD server
ping ad.jamfsw.corp
telnet ad.jamfsw.corp 389
To verify the encryption method of the AD server, contact your AD administrator.
Finding the DN or Username for the Bind User
You can find the DN or username for the bind user by opening ADUC, right-clicking a user, and choosing Properties.

sAMAccountName or the userPrincipalName, click the Account tab. The domain and sAMAccountName are in the User logon name (pre-Windows 2000) fields. The userPrincipalName is in the User logon name field.
Troubleshooting Failed Authentication with the Bind DN or Username
- The bind user entered does not exist in AD
- The bind user entered does not have permission to browse LDAP
- The DN or username is not formatted properly
Contact your AD administrator.
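The search base scoping and the bind name formats described above can be checked offline before retrying the connection. The following Python sketch is an added example, not part of Jamf Pro or Apache Directory Studio; the function names, the format heuristics, and the sample user entries are assumptions constructed for illustration.

```python
import re

def split_dn(dn):
    """Split a DN into lowercased (attribute, value) RDNs, keeping escaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep an escaped pair such as "\," intact
            i += 2
            continue
        if dn[i] == ",":                 # unescaped comma ends the current RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, val = part.partition("=")
        if not sep or not attr.strip() or not val.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), val.strip().lower()))
    return rdns

def in_search_base(entry_dn, base_dn):
    """True if entry_dn is the search base itself or sits anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def bind_name_format(name):
    """Heuristically classify a bind name: 'dn', 'upn', 'domain\\sam' or 'unknown'."""
    if "=" in name:
        try:
            split_dn(name)
            return "dn"
        except ValueError:
            return "unknown"
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", name):
        return "upn"                     # userPrincipalName, user@suffix
    if re.fullmatch(r"[^\\/@\s]+\\[^\\/@\s]+", name):
        return "domain\\sam"             # DOMAIN\sAMAccountName
    return "unknown"

if __name__ == "__main__":
    narrow = "OU=Test,OU=JAMFSW,DC=ad,DC=jamfsw,DC=corp"   # search base from the article
    wide = "DC=ad,DC=jamfsw,DC=corp"                       # wider search base from the article
    user = "CN=Smith\\, Jane,OU=Staff,DC=ad,DC=jamfsw,DC=corp"  # constructed sample entry
    print(in_search_base(user, narrow), in_search_base(user, wide))
    for name in ("binduser@ad.jamfsw.corp", "AD\\binduser", "CN=Bind,Test"):  # constructed
        print(name, "->", bind_name_format(name))
```

A result of "unknown" points to the formatting cause in the list above; the other two causes still need to be confirmed with your AD administrator.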