ADExtractor Features, Pricing, and Best Practices

Troubleshooting ADExtractor: Common Issues and Fixes

1. Installation fails or installer hangs

• Symptoms: Installer quits with error, hangs at 0–50%, or prerequisites not detected.
• Likely causes: Missing .NET runtime, insufficient permissions, corrupted installer, or blocked by antivirus/Windows SmartScreen.
• Fixes:
  1. Run as administrator. Right-click installer → Run as administrator.
  2. Install prerequisites. Ensure required .NET runtime and Visual C++ redistributables are installed.
  3. Verify installer integrity. Redownload from the official source and compare checksums if available.
  4. Temporarily disable antivirus/SmartScreen. Re-enable after install.
  5. Check logs. Review installer logs (typically in %TEMP% or program-specific folder) for specific error codes.

2. Authentication or permission errors when connecting to Active Directory

• Symptoms: “Access denied”, “Invalid credentials”, or partial results returned.
• Likely causes: Account lacks required rights, LDAP/LDAPS binding issues, or network time/kerberos issues.
• Fixes:
  1. Use an account with appropriate rights. For exports, use an account in Domain Users with read permissions or a delegated service account as documented.
  2. Verify credentials. Test the account by binding with an LDAP client (e.g., ldapsearch, ADUC).
  3. Check domain controller reachability. Ping/LDAP port (⁄₆₃₆) and confirm DNS resolves DC names.
  4. Confirm Kerberos/time sync. Ensure client and DC clocks are within 5 minutes.
  5. Try LDAPS if required. If the environment enforces secure binds, use LDAPS and validate certificates.

3. Partial or missing data in exports

• Symptoms: Users, groups, or attributes are missing or truncated.
• Likely causes: Attribute filters, paging limits, schema mismatches, or insufficient read permissions.
• Fixes:
  1. Check attribute selection. Ensure ADExtractor is configured to request the needed attributes (not a reduced subset).
  2. Enable paging. If large directories exist, make sure LDAP paging (1,000+ entries) is enabled.
  3. Validate schema mappings. Confirm custom attributes or extensions are mapped correctly.
  4. Run with elevated read rights. Some attributes require extra privileges (e.g., msDS-ReplAttributeMetaData).
  5. Compare with an LDAP query. Use ldapsearch to confirm which entries/attributes are visible with the same account.

4. Slow performance or timeouts

• Symptoms: Exports take excessive time, time out, or consume high CPU/memory.
• Likely causes: Large AD environment, inefficient queries, network latency, or insufficient host resources.
• Fixes:
  1. Use server-side filters. Narrow queries to only needed objects/containers.
  2. Enable LDAP paging and indexing. Request results in pages and ensure AD attributes used in filters are indexed.
  3. Increase timeouts and retry settings. Adjust client timeouts for slow networks.
  4. Scale resources. Run ADExtractor on a machine with more CPU/RAM or closer network proximity to DCs.
  5. Schedule off-peak runs. Export during low-usage windows.

5. SSL/Certificate errors with LDAPS

• Symptoms: “Certificate not trusted”, handshake failures, or refusal to connect on 636.
• Likely causes: Self-signed or expired certs on DCs, missing root CA on client, or hostname mismatch.
• Fixes:
  1. Validate DC certificate. Confirm certificate is valid, trusted, and matches the DC hostname.
  2. Import root/intermediate CA. Install the CA chain in the client’s Trusted Root store.
  3. Use correct server name. Use the subject/subjectAltName hostname in the connection.
  4. Rotate expired certs. Renew certificates on the domain controllers.

6. Incorrect formatting or encoding in output files

• Symptoms: CSV/JSON contains garbled characters, wrong date formats, or broken CSV columns.
• Likely causes: Character encoding mismatches (UTF-8 vs. UTF-16), locale/date format differences, or delimiter collisions.
• Fixes:
  1. Select UTF-8 with BOM or proper encoding. Match the target system’s expected encoding.
  2. Specify date/time format. Use ISO 8601 (YYYY-MM-DDTHH:MM:SS) for portability.
  3. Escape delimiters. Use quoting or a different delimiter if attributes contain commas.
  4. Validate with sample export. Open in a text editor to confirm format before large runs.

7. Licensing or activation problems

• Symptoms: Feature-limited mode, license errors, or inability to activate.
• Likely causes: Incorrect license key, network activation blocked, or clock skew.
• Fixes:
  1. Confirm license key and entitlement. Verify product key matches edition.
  2. Allow activation traffic. Ensure outbound activation URLs are reachable or use offline activation if provided.
  3. Check system time. Correct clock skew that can invalidate time-limited licenses.
  4. Contact vendor support with license file and activation logs.

8. Logs show cryptic errors or crashes

• Symptoms: Unexpected exits, stack traces, or repeated error codes in logs.
• Likely causes: Unhandled exceptions, corrupted configuration, or environmental incompatibilities.
• Fixes:
  1. Collect logs and configs. Gather application logs, event viewer entries, and config files.
  2. Search known error codes. Consult product knowledge base for matching errors.
  3. Reset to default config. Temporarily restore defaults to isolate config issues.
  4. Reproduce with debug mode. Enable verbose/debug logging and rerun the operation.
  5. Report to vendor with collected artifacts for deeper analysis.

Quick troubleshooting checklist