Banks, credit unions, insurance companies,
Ad-Hoc and Email reports shows different results in one-way-trust forests environment
|Symptoms||Password Expiration email report (being delivered automatically) and Ad-hoc report (generated manually) provide a different number of user accounts in the following operating environment:
|Cause||This could happen because the Data Processing Account that is being used to collect data does not have enough permissions to read the Password Settings Container from the target domain. While the Ad-Hoc is being run under a different account which can read the Password Settings Container|
|Resolution||To check if the Data Processing Account has enough permissions please perform the following steps:
If you do not see the CN=Password Settings Container under the CN=System node or cannot read the properties this indicates Data Processing Account does have read rights (see the screenshot bellow: the account does not have rights to access the Password Settings Container).
To provide read permissions to the Data Processing Account: