KBI 311600 Insufficient Privileges Error When Accessing Argent Commander Or Argent Reports With User From Trusted Domain


Argent Commander 5.0A-1707-A or below

Argent Reports 7.0A-1710-E or below


Wednesday, 20 December 2017


Customers may see ‘Insufficient Privilege’ error messages while logging into Argent Commander or Argent Reports with a user from a Trusted Domain (e.g. a trusted domain that differs from the domain that Argent Commander is installed in)

Similarly, when customers use Argent Commander or Argent Reports’ Security page to search for Active Directory users or group in a Trusted Domain, the page may return no results

Technical Background

The issue stems from two areas of the code:

  1. The internal LDAP queries that are responsible for getting a list of Active Directory users and groups

    Typically, LDAP queries are made against LDAP:// — however, in order to cater for all forms of Trusted Domains, the Global Catalog should be targeted instead (GC://)

    The Global Catalog caches information from both the local domain and Trusted Domains, which makes it the best place to make queries against

  2. The code responsible for determining the ‘Distinguished Name’ of an Active Directory user (e.g. CN=john.doe,OU=Administrators Group,DN=argsoft,DN=internal,DN=corp)

    The ‘Distinguished Name’ of the user is required to query Active Directory to find out what Security Groups a particular user is a member of.

    The existing code was unable to translate users from certain types of Trusted Domains into the ‘Distinguished Name’.


This issue has been formally addressed in Argent Commander 5.0A-1801-A and Argent Reports 7.0A-1801-A