It looks like I can't enable email notification for domain users. When I check the "notify on:" checkboxes on the Edit User dialogue, the Save button turns blue, but remains grayed out. Am I missing something or is this a bug? Oddly enough, it works just fine with local users.
Before and after screenshots below for your viewing pleasure
I see the same issue in my lab. Note that the username field is displayed with a red frame. My guess is that WFA tries to validate the input somehow and stumbles upon the \ character that separates domain and username. That's why it doesn't allow you to save it. Likely a bug.
Hello John and Hendrik,
The problem is the '\' character used in the username which is an invalid character for a username. You may try to login without providing the domain name and only use the username.
don't user MYDOM\user1 to login. instead only user : user1. You will be able to login successfully and enable the email notifications as well.
WFA is identifying 'MYDOM\user1' and 'user1' as separate users.
"WFA is identifying 'MYDOM\user1' and 'user1' as separate users."
This behavior makes your suggested workaround obsolete. The whole idea of using domain accounts is the fact to not maintain separate local users for WFA.
And I have to confirm this "bug". I'm unable to enable email notification on all my domain users - be it via "Users - Edit" for all users or "account Settings" of an individual user.
I highly recommend filing a BURT and get this fixed.
Kind regards, Niels
@ The whole idea of using domain accounts is the fact to not maintain separate local users for WFA.
My user 'user1' is not a local user. Its a domain user itself. I'm just saying not to provide the domain-name when trying to login. You'll be able to login and if you access the "users' page you'll see the column LDAP will be set to true for this user indicating its a Domain user and not a local user.
In the login page don't use: 'MYDOM\user1'. Just use 'user1' and provide password.
See the image below:
Both users (other than admin) are actually the same. When in the 2nd one I've provided 'Domain-name\username'. In the last one I've just used the username and still able to login. If you use this way, you won't face the problem mentioned in the original post.
There is a bug filed not to create users named in the 'Domian-Name\username way. '\' is an invalid character for a username in WFA.
I'm using a newer internal build but I believe that is not the problem. We tried to reproduce the problem and have found a case where it can happen. I think its in the User Logon user names you have created in your domain controller. You have created users with Logon names as: 'DOMAIN\user1' instead of only 'user1' . So looks like your username itself is 'DOMAIN\user1' instead of user1 and thats why when you are not providing DOMAIN\, its unable to find a username.
See below. Does your Logon usernames in your domain controller appear like this with 'DOMAIN\user'?
Create users in domain controller with Logon names like : 'user1' etc. and try.
If you create user Logon names like 'user1' then you'll be able to login to WFA server both as 'DOMAIN\user1' and only 'user1'.
I checked and all users are correctly configured.
Can you send me your LDAP settings of your WFA instance? I suspect the error may be buried there.
Could be the "Destinguished Name Attribute".
But I chose "distinguishedName" on purpose as it could easily be a single user name exists in two (or more) trusted domains and the LDAP server requires the domain attribute to resolve the user name to a single user.
This works for me, I can login with just the username (omitting the domain part) and the user then gets created without the domain part. This didn't work in previous WFA versions that required the domain part. LDAP-settings are left at the default (as posted by Niels above).
However, I still can't enable the notification. The username still shows up in red and I can't save:
It works fine in WFA1.1.1 (with the domain part included) so I would consider this a regression bug
This particular error is because your Domain user name [ hland-operator ] has a '-' (hyphen) in between. Hyphen is another illegal character for a username. If you try to add a new local user you can see the tool-tip which tells "User name can only contain letter, digits, underscores, at signs (@) and dots"
Try to login as a domain user which has its name with only valid characters. Then this should work fine.
Is there any reason for this limitation? It's a perfectly valid LDAP/Active Directory username and if we integrate with such third-party applications we should try to not have any unnecessary limitations. Such usernames exist in customer environments.
Also, I'd prefer to have the domain part included in the username. Larger customers tend to have several sub-domains (with trust relationships) and it would be nice if we could tell to which sub-domain a user belongs.
@ Is there any reason for this limitation? It's a perfectly valid LDAP/Active Directory username and if we integrate with such third-party applications we should try to not have any unnecessary limitations. Such usernames exist in customer environments.
I don't know why was this limitation on characters added. I agree with your point about not having many limitation when integrating with third-party applications. The WFA decisions makers must already be reading through this thread. Perhaps a bug can be filed and corrected in future releases. Lets see how that goes.
@ Also, I'd prefer to have the domain part included in the username. Larger customers tend to have several sub-domains (with trust relationships) and it would be nice if we could tell to which sub-domain a user belongs.
I'm trying to understand your point. I'm thinking how such a situation can arrive. WFA 2.0 can only work with one Domain name which is given in the LDAP configurations. And we can't have multiple users with the same user name in the same domain name. Hierarchies aren't supported in WFA 2.0 I believe.
Curious: Can you log in with <user>@<domain> (firstname.lastname@example.org)? (assuming you're running Windows 2000 + domain, not NT4-mode)
Thanks Guys. So changing the user name attribute to userPrincipalName I can now log in using <user>@domain.com and I can then add the email notifications to the account. Only down side is that the userPrincipalName used @ my client is horrible...... Oh well at least it works