Troubleshooting user management
Table of Contents
- Error & Solutions
- Error loading Office 365 users
- Error 500
- Import option is missing
- Not able to edit, restore or delete users
- Not able to make a Workspace user administrator
- Issues with performing administrative tasks due to UPN change (on-premise)
- User is not being added to the appropriate group or domain in Workspace 365
Do you experience issues with importing, editing or creating users? Is there a discrepancy in users and groups between Workspace and Azure AD or are users not being added to certain groups in Workspace 365? Keep on reading! This article will guide you through some basic troubleshooting, errors and possible solutions.
Errors & Solutions
Error loading Office 365 users
Explanation: this error message occurs when you are trying to import users manually from Office 365 (groups).
- Check if oAuth2 is enabled in Workspace.
- Make sure you are importing users with the Primary administrator.
- Sign into Office 365 regularly with the Primary admin account to prevent the access token from expiring.
- Temporarily disable MFA for the Primary admin account.
Explanation: you receive an error 500 code when you are trying to import or edit users.
Solution: sign into Office 365 regularly with the Primary administrator account to prevent the access token from expiring.
Import option is missing
Explanation: from the Workspace admin setting under 'User management' ('Users & groups'), the option to import users from Office 365 (groups) is not visible in the action bar menu.
Solution: temporarily disable the sync under the Active Directory settings in Workspace, because users cannot be imported when the sync is enabled and running.
Not able to edit, restore or delete users
Explanation: for example, you want to edit a user or restore a user from the deleted user list. However, this option is not available to you.
Solution: check if you are logged in with the Primary administrator account and temporarily disable the sync under the Active Directory settings in Workspace. Now you can e.g. restore a user from the deleted user list (make sure the user is then marked as 'Active').
Not able to make a Workspace user administrator
Explanation: you can choose to manage the Workspace 365 admin role from Azure AD or Workspace. The correct option needs to be selected to have sufficient permissions to make someone else administrator (so make sure you are logged in with the correct account).
- Azure AD: users assigned with the Global Administrator role (IsAdminFlag) in Azure AD and present (active) in Workspace 365, will become administrator. When you make use of our Azure AD synctool, users who are assigned the Global Administrator role in Azure AD will automatically become administrator in Workspace.
- Workspace 365: active users in Workspace can be marked as administrator. To do this, stop the sync under the Active Directory settings in Workspace. Then, go to User management (Users & groups). Here, you can edit a selected user and make him/her administrator.
Important: be aware when changing these permissions, for example when this is set to Azure AD and you change it to Workspace 365, the Workspace no longer checks for the 'IsAdminFlag' in Azure AD. This means only active users marked as administrator in Workspace can administer Workspace 365.
Workaround: are you logged in with the Global administrator but still not allowed to make someone else admin? Try to set 'Manage admin role from" to Workspace 365. Then, enable the AD sync, go back to User management and try again.
Issues with performing administrative tasks due to UPN change (on-premise)
Explanation: is the UPN of the Global Administrator different in the on-premise AD compared to Azure AD? Then you may run into some problems performing administrative tasks with this user account.
Solution: we recommend keeping the UPN the same, because Workspace may think this administrator does not have sufficient administrative privileges, because the UPN does not match with the on-premise AD.
User is not being added to the appropriate group or domain in Workspace 365
Explanation: there can be various reasons why users are not being updated accordingly when you are using our Azure AD synctool. Keep in mind that:
- Users from distribution lists and/or mail-enabled security groups cannot be imported.
- Users from Nested Groups cannot be imported.
- A change to the user's UPN can cause problems. We recommend keeping the primary SMTP address equal to the user's UPN.
- Having both group- and domainfiltering enabled may cause discrepancies in users between Azure AD and Workspace. For example: user A is included in domain X and group Y. Domain X is being synced, but group Y is not. As a consequence, user A does not sync appropriately. Solution to this issue is to disable filtering entirely (full sync) and restart the service. When complete, you may enable filtering again.
- Removing a user from a group that is being synced to the workspace can cause (log in) problems. Try re-adding or recreate the user to the group (or create a new group) in Azure AD. Make sure to include the group in filtering and restart the sync service.
- The synctool will start at the configured time. Make sure the synctool service is running correctly and if necessary, restart the service.
- More information on troubleshooting the Azure AD synctool, click here.