The following message "The search string is too long" is exhibited when a search is performed in an attempt to add user objects in a specific group.
In the source code is set a max to limit of 800 characters, this is almost double the LDAP max length in ADUC, also there is a limit of 100 total items using semi colon for that search.
Whichever limit is reached first the error message will be displayed.
Workaround 1
The following PowerShell cmdlet can be run
1) Create a .csv file which on the first line should have the field that will be used for look up the members, in this example the SamAccountName is being used.
2) On the PowerShell cmdlet replace the path C:\Temp\Users.csv by the file created on the step one.
3) with the Active Role Manager Shell opened, run the following cmdlet: Import-Csv -Path C:\Temp\Users.csv | %{Add-QADGroupMember -Identity GG_APAC_Japan_Tokyo -Member $_.SamAccountName}
Workaround 2
A search can be performed for some, check them off, and then search for others and check them off as well in the same window.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center