Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - Administration Guide

Preface Configuring the Environment in Which ControlPoint Will Run The ControlPoint Configuration Site Managing Your Farm List Managing Your ControlPoint License Configuring Web Applications and Content Databases for ControlPoint Configuring ControlPoint Services Using Discovery to Collect Information for the ControlPoint Database Cache Using Sensitive Content Manager Services Managing ControlPoint Configuration and Permissions Modifying ControlPoint Configuration Settings
Changing Default Settings for Actions and Analyses
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg) Maximum Line Items in Real-time (REPCAP) "Use Cached Data" Default Value (CACHEDREP) Abort Report Processing on Error (ABORTREPORTONERROR) Display "Include users with AD group membership" Parameter (SHOWADGROUPS) Copy/Move Default Temporary Location (TEMPLOCATION) Time to Retain Page Data in Cache (CACHEREPORT4) Time to Retain Temporary UI Objects in Cache (UICACHEDURATION) Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT) Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE) Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS) Use Activity Min. Date as Start Date (UseActivityDbDate) Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY) Duplicate Files Report Limit (DuplicateFilesReportLimit) Users to Exclude from Reports (EXCLUDEDUSERS) Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports) Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize) CSV Delimiter Character (CSVDELIMETER) Largest Active Directory Group to Expand in Reports (MAXMEMBERS) Maximum Number of Users to Act On (MAXUSERSFORACTION) Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS) Prevent Set Site Collection Quotas (PreventSetSCQuota) Show Nested Active Directory Groups (PROCESSADHIERARCHY) Hide Interactive Analysis Link (RESTRICTSL) Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance Audit Log Configuration Settings Changing Settings for Anomalous Activity Detection Restricting Functionality for Members of the Business Administrators Group Changing Default Settings for ControlPoint User Groups Changing Settings to Improve Discovery Performance Changing Settings to Accommodate Special Environmental Factors Changing Default Settings for Navigation Changing Trace Switch Logging Levels Changing Default Settings for Compliance Managing Site Provisioning Settings Specifying Global Settings for ControlPoint Policies Setting Preferences for the ControlPoint Scheduler Miscellaneous and Custom Configuration Settings Special-Purpose Configuration Settings
Archiving SharePoint Audit Log Data Troubleshooting
ControlPoint Log Files Troubleshooting Configuration Errors Troubleshooting the ControlPoint Application Interface Troubleshooting Discovery Troubleshooting SharePoint Users and Permissions Troubleshooting Site Provisioning Troubleshooting ControlPoint Operations

System Exception: "Cannot get the members of the group..."


When attempting to view members of an Active Directory group from permissions analysis results, an error window displays which includes the following message:

System.Exception:  Cannot get the members of the group [domain\group] possibly because of network or permissions problems

Possible Reason

The ControlPoint Service Account does not have permissions to read all users within the Active Directory group.  


Make sure the ControlPoint Service Account has at least Read Permissions for the Active Directory record of every SharePoint user.  Consult your Microsoft Active Directory documentation for details.


Active Directory Group Membership: "Cannot connect to the domain controller for domain"


When attempting to view membership in an Active Directory group from Permissions analysis results, the following message displays:

Group: [group-name] Cannot connect to the domain controller for domain

Possible Reason

A trust relationship between the domain or forest that hosts the Active Directory group and the domain or forest in which ControlPoint is installed

·does not exist


·requires additional authentication.


See Accessing Members of Active Directory Groups in Different Domains or Forests (on page 78).


Properties Dialog: Total Users with Permissions Displays as "Incomplete"


After clicking [Calculate Totals] On the ControlPoint Properties dialog, the number of Total Users with Permissions is followed by (Incomplete).


An exception was encountered when Active Directory users were being counted.  Possible reasons include:

·The ControlPoint Service Account does not have access to an entire Active Directory group or one or more accounts within an Active Directory group.

·Networking problems have been encountered.


Review the ControlPoint Administration log (xcadmin) to determine the cause of the exception.


Users with Permissions Granted Through a Claim are not Showing Up in Permissions Analysis Results


One or more users who have permissions to SharePoint objects through a claim are not being included in permissions analysis results.

Possible Reason

If your SharePoint farm includes claims-based authentication, permissions granted through a claim may not be reliably reported because SharePoint only retains permissions information for an augmentation claims-based user for a limited time after the user logs in.

The same behavior can be observed in SharePoint. For example, the SharePoint Site Permissions > Check Permissions feature may or may not show permissions granted through an augmentation claim, depending on when the user last logged in.


Related Documents