24.4 Known Issues

24.4.1 Warning Message Appears on ADC Installation

Following warning message appears for ADC installation when there is an empty space in the FRD password.

Few of the Domain Controllers are not reachable. Before proceeding with the installation, it is recommended to make the following Domain Controllers available: <FRD hostname>

NOTE:The ADC installation can proceed, and there will not be any install failures even after receiving the warning message.

24.4.2 Limitation for Number of Characters in Login Username

If a username contains more than 20 characters, a garbage value is displayed when you run "wbinfo -u" command.

24.4.3 Creating Filr LDAP Proxy Users with MMC Fails

Using Windows MMC, it is not possible to create a proxy user in DSfW domain with sufficient rights to read the user and group information.

24.4.4 Domain Join with NetBIOS Name Fails

Joining a Windows workstation to DSfW domain using the NetBIOS name fails with the following error:

The specified domain either does not exist or could not be contacted.

24.4.5 NTLM Authentication Fails Over SSP

Unable to bind to DSfW servers using NTLM when kerberos is down. This issue is fixed in the OES 2018 SP1 Update 1 patch release.

24.4.6 Cross Forest Share Access Does Not Work in 32-bit Windows Client

In a cross forest environment between AD and DSfW, a share created on Windows server cannot be accessed by DSfW users on 32-bit Windows 7 client.

24.4.7 Provisioning Fails for a New DC in the Forest When PDC is Not a DNS Server after PDC Role Transfer

After the PDC role is transfered from Forest Root Domain to Additional Domain Controller, which is not a DNS server, adding a Domain Controller with the Configure this Server as a DNS Server option selected during installation fails during provisioning.

24.4.8 Password Setting Container Might Not Be Visible On Domain Controllers In A Mixed Mode Environment

In a mixed mode environment (OES 2015 and OES 2018 or later) if any of the domain controllers are updated prior to updating the FRD with 2012 schema, the password setting container might not be visible on domain controllers during object creation with 2012 schema level. Therefore it is recommended to always update the FRD with the latest schema level first and then update the domain controllers.

24.4.9 Restriction on Fine-Grained password Policy Attribute Name Length

The name of the attributes for Fine-grained password policies cannot be longer than 32 characters.

24.4.10 Fine-Grained Password Policy Limitations

  • The support for the following three attributes is not available with the current implementation of Fine-Grained Password Policy due to the limitation imposed by eDirectory. Currently, eDirectory supports these attributes only at the container level.

    • msDS-LockoutThreshold

    • msDS-LockoutObservationWindow

    • msDS-LockoutDuration

  • The values for the following attributes must be provided in multiples of number of seconds per day (86400 seconds per day).

    • msDS-MinimumPasswordAge

    • msDS-MaximumPasswordAge

  • The current implementation of Fine-Grained Password Policy is limited to individual users and is not applicable for groups. This is because of the limitations imposed by eDirectory.

24.4.11 Copying a User Object from MMC Fails

When you copy a user object from MMC, it fails with an unspecified error. Micro Focus has no current plans to change this.

24.4.12 Users Must Change Their Own Passwords

After a user is created, the administrator cannot force password changes through MMC because the check box is disabled. Users must change their own passwords. Micro Focus has no current plans to change this.