Hi ,
Welcome to the Support Portal. How can we help?
Follow

Troubleshooting user management

Table of Contents

 

Introduction

Do you experience issues with importing, editing or creating users? Is there a discrepancy in users and groups between Workspace and Azure AD or are users not being added to certain groups in Workspace 365? Keep on reading! This article will guide you through some basic troubleshooting, errors and possible solutions.

 

Errors & Solutions

Error loading Office 365 users

error_loading_Office_365_users.PNG

Explanation: this error message occurs when you are trying to import users manually from Office 365 (groups).

Solution: 

  • Check if oAuth2 is enabled in Workspace.
  • Make sure you are importing users with the Primary administrator.
  • Sign into Office 365 regularly with the Primary admin account to prevent the access token from expiring.
  • Temporarily disable MFA for the Primary admin account. 

Back to top

 

Error 500

Explanation: you receive an error 500 code when you are trying to import or edit users.

Solution: sign into Office 365 regularly with the Primary administrator account to prevent the access token from expiring.

Back to top

 

Import option is missing

import.PNG

Explanation: from the Workspace admin setting under 'User management' ('Users & groups'), the option to import users from Office 365 (groups) is not visible in the action bar menu.

Solution: temporarily disable the sync under the Active Directory settings in Workspace, because users cannot be imported when the sync is enabled and running.

Back to top

 

Not able to edit, restore or delete users

Explanation: for example, you want to edit a user or restore a user from the deleted user list. However, this option is not available to you. 

Solution: check if you are logged in with the Primary administrator account and temporarily disable the sync under the Active Directory settings in Workspace. Now you can e.g. restore a user from the deleted user list (make sure the user is then marked as 'Active'). 

ad_sync_uit.PNG

Back to top

 

Not able to make a Workspace user administrator

error__occured.png

Explanation: this error message occurs when you're trying to make someone administrator, but don't have sufficient permissions to do so.

The Workspace administrator role can be managed from:

  • Azure AD: users assigned with the Global Administrator role (IsAdminFlag) in Azure AD and active in Workspace 365, are administrator in Workspace and are allowed to perform administrative tasks (when you run our AAD synctool, users who are assigned the Global Administrator role in Azure AD will automatically become administrator in Workspace).
  • Workspace 365: active users in Workspace and marked as administrator, are allowed to perform administrative tasks in Workspace.

Solution:

  • When 'Manage admin role from' is set to Azure AD:
    1. Check if you are logged in with a Global Administrator from your AAD in Workspace. 
    2. Go to the 'Active Directory' settings in Workspace.
    3. Uncheck the checkbox 'Enable sync from Active Directory'.
    4. Click 'Done'. 
    5. Go to 'Users & groups'.
    6. Select 'User management'. 
    7. Here, you can edit a selected user and make him/her administrator.

      Workaround: Are you logged in with the Global administrator but still not allowed to make someone else admin? Try to set 'Manage admin role from" to Workspace 365. Then, enable the AD sync, go back to User management and try again.

  • When 'Manage admin role from' is set to Workspace 365
    1. Go to the 'Active Directory' settings in Workspace.
    2. Uncheck the checkbox 'Enable sync from Active Directory'.
    3. Click 'Done'. 
    4. Go to 'Users & groups'.
    5. Select 'User management'. 
    6. Here, you can edit a selected user and make him/her administrator.

Important: be aware when changing these permissions, for example when 'manage admin role from' is set to Azure AD and you want to change it to Workspace 365, the Workspace no longer checks for the 'IsAdminFlag' in Azure AD. This means only active users marked as administrator in Workspace can perform administrative tasks in Workspace 365.

Back to top

 

Issues with performing administrative tasks due to UPN change (on-premise)

Explanation: is the UPN of the Global Administrator different in the on-premise AD compared to Azure AD? Then you may run into some problems performing administrative tasks with this user account.

Solution: we recommend keeping the UPN the same, because Workspace may think this administrator does not have sufficient administrative privileges, because the UPN does not match with the on-premise AD.

Back to top

 

User is not being added to the appropriate group or domain in Workspace 365

Explanation: there can be various reasons why users are not being updated accordingly when you are using our Azure AD synctool. Keep in mind that:

  • Users from distribution lists and/or mail-enabled security groups cannot be imported. 
  • Users from Nested Groups cannot be imported.

Solution: 

  • A change to the user's UPN can cause problems. We recommend keeping the primary SMTP address equal to the user's UPN.
  • Having both group- and domainfiltering enabled may cause discrepancies in users between Azure AD and Workspace. For example: user A is included in domain X and group Y. Domain X is being synced, but group Y is not. As a consequence, user A does not sync appropriately. Solution to this issue is to disable filtering entirely (full sync) and restart the service. When complete, you may enable filtering again.
  • Removing a user from a group that is being synced to the workspace can cause (log in) problems. Try re-adding or recreate the user to the group (or create a new group) in Azure AD. Make sure to include the group in filtering and restart the sync service.
  • The synctool will start at the configured time. Make sure the synctool service is running correctly and if necessary, restart the service.
  • More information on troubleshooting the Azure AD synctool, click here.

Back to top