Keycloak Returns null username Error

When your application uses Keycloak to authenticate against a Microsoft Active Directory LDAP service, you may see the error “keycloak.models.ModelException: User returned from LDAP has null username!” in the logs, and the login fails.

You may want to look at this article (https://edwin.baculsoft.com/2019/10/fixing-error-null-username-when-integrating-redhat-single-sign-on-to-active-directory/ ) for configuration and initial troubleshooting.

There are many possible reasons for that, and you have probably searched a lot and tried many of them already before reaching this page.
So, here is one more thing for you to try:
Set proper naming values on the account you are testing with.

Yes, I know, it is silly indeed; but it is true. The account must have its first name, last name and display name properly configured.
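The following is an added example, not code from the original post: a PowerShell check (RSAT ActiveDirectory module) that lists accounts under a given OU whose givenName, sn or displayName attribute is empty, so you can find every account that would trip this condition rather than fixing one test user at a time. The OU path and the sample account values are placeholders.

```powershell
# Added example (not from the original post): find accounts missing the
# givenName, sn or displayName attributes the post says must be populated.
# Requires the ActiveDirectory RSAT module; the OU path is a placeholder.
Import-Module ActiveDirectory

$searchBase = 'OU=KeycloakUsers,DC=example,DC=com'   # placeholder: the OU Keycloak syncs from

# LDAP filter: any account where at least one of the three attributes is absent.
$incomplete = Get-ADUser -SearchBase $searchBase `
    -LDAPFilter '(|(!(givenName=*))(!(sn=*))(!(displayName=*)))' `
    -Properties givenName, sn, displayName

$incomplete |
    Select-Object sAMAccountName,
        @{ n = 'MissingAttributes'; e = {
            $m = @()
            if ([string]::IsNullOrWhiteSpace($_.givenName))   { $m += 'givenName' }
            if ([string]::IsNullOrWhiteSpace($_.sn))          { $m += 'sn' }
            if ([string]::IsNullOrWhiteSpace($_.displayName)) { $m += 'displayName' }
            $m -join ','
        } } |
    Format-Table -AutoSize

# Repairing one test account (constructed placeholder values):
# Set-ADUser -Identity 'jdoe' -GivenName 'Jane' -Surname 'Doe' -DisplayName 'Jane Doe'
```

Run it on a machine with RSAT against the OU Keycloak syncs from; after setting the missing attributes, trigger a Keycloak LDAP sync before retesting the login, since the federation cache may still hold the old entry.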

HTH some1 ;)

Recover DC with Only System State Backup

Have you ever had to restore an Active Directory Domain Controller from scratch with only System State backup?

If so, and you have already searched the Internet, you probably found no direct results describing that procedure, basically because of its simplicity.

It is indeed a simple procedure. Start by building the server (format and install the Windows OS) and installing all updates, so that it matches the version and edition of the original DC.

Enable all the features and roles that were on the original DC, but do not configure any of them.

Isolate the server; you may use an isolated port or simply change the IP address to something outside that subnet, to avoid conflicts and service interruption.

Promote it to a domain controller as a new domain in a new forest. It is better to use the original DC and domain names.

Reboot into DSRM and log in.

Start the system state restore process.

Once done and rebooted, check the event log for any critical or serious messages. If there are none, you can connect to the network and resync with the other domain controllers.
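The procedure above, written out as the commands typed on the freshly built server, is an added example and not part of the original post. The domain name, NetBIOS name, interface alias, isolation address (TEST-NET) and backup target/version are placeholders to replace with the original DC's values; the DNS role is shown only as an example of a role that was on the original DC.

```powershell
# Added example, not from the original post. All names, addresses and the
# backup version are placeholders.

# 1. Roles that were on the original DC (DNS shown as an example), left unconfigured.
Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools

# 2. Isolate: give the box an address outside the production subnet.
Get-NetAdapter | Format-Table Name, Status, MacAddress
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress '192.0.2.10' -PrefixLength 24

# 3. Promote as a new forest using the ORIGINAL domain and NetBIOS names.
#    The DSRM password set here is the one you log in with in step 4.
$dsrm = Read-Host -AsSecureString 'DSRM password'
Install-ADDSForest -DomainName 'corp.example.com' -DomainNetbiosName 'CORP' `
    -SafeModeAdministratorPassword $dsrm -InstallDns -Force
# (the server reboots on its own)

# 4. Boot into Directory Services Restore Mode and log in as .\Administrator.
bcdedit /set safeboot dsrepair
Restart-Computer

# 5. In DSRM: list the system state versions on the backup target, then restore one.
wbadmin get versions -backupTarget:E:
wbadmin start systemstaterecovery -version:01/31/2020-02:00 -backupTarget:E: -quiet
# Add -authsysvol only when no surviving DC holds a good SYSVOL; otherwise keep
# the restore non-authoritative so SYSVOL resyncs from the other DCs.

# 6. Leave DSRM and reboot normally.
bcdedit /deletevalue safeboot
Restart-Computer

# 7. After the reboot, still isolated: look for critical (1) and error (2) events.
Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Directory Service', 'DNS Server'; Level = 1, 2 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, ProviderName, Id, Message -Wrap

# 8. Only if step 7 is clean: move back to the production subnet, then force
#    and verify replication with the other domain controllers.
repadmin /syncall /AdeP
repadmin /replsummary
dcdiag /q
```

Step 7 is the gate for step 8: a DC that reconnects with a damaged database or an unexpectedly authoritative SYSVOL can push the problem to the healthy DCs, which is why the event log check comes before the cable goes back in.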

I’ve successfully applied this on Windows 2012R2 and will soon test it again with 2016 and 2019 servers.

However, I still strongly recommend you have the bare metal backup, and perform restore testing every six months.

HTH,

Domain Controller Status Unavailable

When running MMC with any AD management component inside it and trying to switch to another server, you may sometimes notice that the status shows “Unavailable”.

Most likely this is due to IPv6 being not fully disabled, or not fully enabled (if you decide to run it), and you will need to update the registry value as per the Microsoft article:

https://support.microsoft.com/en-us/help/929852/how-to-disable-ipv6-or-its-components-in-windows
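The following added example (not from the original post) reads the DisabledComponents value under Tcpip6\Parameters that the linked Microsoft article documents, decodes the settings the article lists (0 enabled, 0x20 prefer IPv4, 0xFF disabled except loopback), and lists the per-adapter ms_tcpip6 binding so you can spot the half-disabled state the post describes, where the registry says one thing and the adapter bindings say another.

```powershell
# Added example (not from the original post): show whether IPv6 is fully
# enabled, fully disabled, or inconsistently configured on this host.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$name = 'DisabledComponents'

$item  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
# The value is a REG_DWORD; mask it so an old 0xFFFFFFFF setting reads as unsigned.
$value = if ($null -eq $item) { 0 } else { ([int64]$item.$name) -band 0xFFFFFFFF }

$meaning = switch ($value) {
    0       { 'IPv6 fully enabled (value absent or 0, the default)' }
    0x20    { 'IPv6 enabled, IPv4 preferred over IPv6 in prefix policies' }
    0xFF    { 'all IPv6 components disabled except the loopback interface' }
    default { 'non-standard bitmask 0x{0:X}; compare it with the article' -f $value }
}
'DisabledComponents = 0x{0:X2} -> {1}' -f $value, $meaning

# Adapters whose ms_tcpip6 binding disagrees with the registry setting are the
# "not fully disabled / not fully enabled" state to fix.
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled |
    Format-Table -AutoSize

# To change it (pick one), then reboot for the new value to take effect:
#   Fully disable:  Set-ItemProperty -Path $key -Name $name -Type DWord -Value 0xFF
#   Fully enable:   Remove-ItemProperty -Path $key -Name $name
```

Whichever way you decide, make the registry value and the adapter bindings agree on every DC and management workstation; the article's 0xFF is the documented value for disabling, and it requires a reboot.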

HTH

Sample WMI Filters for GPO in AD

Listed below are a few filters I keep using on my projects.

Almost every client I’ve worked with had these filters implemented in their Group Policy Console of Windows Active Directory.

So I keep them here for faster access; it is easier than searching for them every time on different sites on the web.

FILTER 1: Select DCs & Member Servers

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3" OR ProductType="2"

FILTER 2: Select Domain Controllers (DCs) Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="2"

FILTER 3: Select Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3"

FILTER 4: Select Workstations Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="1"

FILTER 5: Select Win 2008 Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3" AND Version like "6.%"
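As an added example (not from the original post), the script below runs the five queries above against the local machine with the built-in CIM cmdlets, so you can confirm which filters a host would match before linking them to a GPO. One caveat worth knowing for FILTER 5: Windows Server 2008 reports Version 6.0 and 2008 R2 reports 6.1, but 2012 and 2012 R2 report 6.2 and 6.3, so "6.%" matches all four; use "6.0%" or "6.1%" if you really want only 2008 or only 2008 R2.

```powershell
# Added example (not from the original post): evaluate the WMI filter queries
# on this host. A filter applies when its query returns at least one instance.
$filters = [ordered]@{
    'FILTER 1: DCs & Member Servers'     = 'select * from Win32_OperatingSystem where ProductType="3" OR ProductType="2"'
    'FILTER 2: DCs only'                 = 'select * from Win32_OperatingSystem where ProductType="2"'
    'FILTER 3: Member servers only'      = 'select * from Win32_OperatingSystem where ProductType="3"'
    'FILTER 4: Workstations only'        = 'select * from Win32_OperatingSystem where ProductType="1"'
    'FILTER 5: Win 2008 member servers'  = 'select * from Win32_OperatingSystem where ProductType="3" AND Version like "6.%"'
}

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
'Host: {0}  ProductType={1}  Version={2}' -f $os.CSName, $os.ProductType, $os.Version

foreach ($entry in $filters.GetEnumerator()) {
    $hit = @(Get-CimInstance -Namespace 'root\CIMv2' -Query $entry.Value).Count -gt 0
    '{0,-36} {1}' -f $entry.Key, $(if ($hit) { 'APPLIES' } else { 'skipped' })
}
```

Running it on a DC should show FILTER 1 and FILTER 2 as APPLIES and the rest skipped; on a workstation only FILTER 4 applies.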

Import Using CSVDE with Unicode Switch Error

This is an old method, yeah I know. But not everyone has moved on to PowerShell yet.

Anyway, if you are trying to import a CSV file into Active Directory and get an error message saying:
Invalid file format. DN Attribute not defined

Just try removing the Unicode switch “-u” from your command. If that works, re-save (Save As) the CSV file using Notepad and make sure to select the Unicode option, NOT UTF-8.
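The following added example (not from the original post) shows the same fix done from Windows PowerShell 5.1 instead of Notepad: it writes an import file in the encoding Notepad calls "Unicode" (UTF-16 LE with a byte order mark), checks the first two bytes so you can tell a UTF-16 file from a UTF-8 one before running csvde, and then runs the import with -u. The OU, domain and user values are constructed placeholders.

```powershell
# Added example (not from the original post): create a CSVDE import file as
# UTF-16 LE, verify its BOM, and import it with the -u switch.
$csv = "$env:TEMP\newusers.csv"

# Constructed sample rows; replace with your own.
$lines = @(
    'DN,objectClass,sAMAccountName,givenName,sn,displayName,userPrincipalName'
    '"CN=Jane Doe,OU=Staff,DC=example,DC=com",user,jdoe,Jane,Doe,Jane Doe,jdoe@example.com'
)
# -Encoding Unicode is PowerShell's name for UTF-16 LE. Writing with -Encoding UTF8
# instead reproduces the "DN Attribute not defined" error when -u is used.
Set-Content -Path $csv -Value $lines -Encoding Unicode

# UTF-16 LE files start with the byte order mark FF FE; Notepad's UTF-8 files
# start with EF BB BF, which csvde -u does not accept. (-Encoding Byte is
# Windows PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream.)
$bom = Get-Content -Path $csv -Encoding Byte -TotalCount 2
if (($bom -join ',') -eq '255,254') {
    'BOM FF FE: file is UTF-16 LE, safe to import with csvde -u'
} else {
    'Not UTF-16 LE: re-save the file as Unicode or drop the -u switch'
}

# Import with the Unicode switch. -k continues past "object already exists"
# errors; -j puts the csv.log / csv.err files in the given folder.
csvde -i -f $csv -u -k -j $env:TEMP
```

The BOM check is the quick way to settle the "is it really Unicode?" question without opening the file in an editor: 255,254 means csvde -u will read it, anything else means the switch has to go or the file has to be re-saved.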

HTH some1