About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Support and troubleshooting/Examples and how to

Active Directory related registry settings

Last updated on 13 September 2023

Admin
Active Directory Sync

Overview

This article lists all registry settings related to user and group import/sync from Active Directory.

Import timeout

This setting specifies how long the AD import operation is allowed to run before terminating.

Registry Key: HKEY_LOCAL_MACHINE\Software\Motive\M-Files\<version>\Server\MFServer

Value name: ADSITimeoutInSeconds

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: Default 60

Note: M-Files Server service needs to be restarted after making changes to this setting.

Maximum number of groups to read from AD

With M-Files versions starting from 23.1, this setting is changed from Advanced Vault Properties, under Configuration -> User Groups -> Active Directory Importing -> Maximum Number of Groups to Return.

This setting specifies how many groups are read from AD. If you work with large Organizational Units with more than 1000 groups, then you need to adjust this setting.

With M-Files versions prior to 23.1:

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-files\<version>\Server\MFServer

Value name: MaxGroupCount

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: Default 1000

Maximum number of users to read from an AD group

With M-Files versions starting from 19.3, this setting is changed from Advanced Vault Properties, under Configuration -> User Groups -> Active Directory Importing -> Maximum Number of Users to Import.

With M-Files versions prior to 19.3:

Registry Key: HKLM\Software\Motive\M-Files\<version>\Server\MFServer

Value name: MaxUserCountFromGroup

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: Default 1000

Import batch size: 

Importing large amounts of users from AD can consume lots of memory on the server. The memory consumption issue has been improved starting from version 19.8.8080.0. User creation can be batched into smaller transactions, which improves robustness but also consumes a lot less memory.

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<versio>\Server\MFServer\VaultOptions\<GUID>

Value name: ADUserCreationBatchSize

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: Default value is zero, which means that batching is disabled. You could set this to, for example, 50 or 100.

Blacklisting domains

By default, M-Files server tries to read AD structure from all domains it can see. You can use this setting to block M-Files from trying to read given domains:

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFServer

Value name: BlackListedDomains

Value type: REG_MULTI_SZ (Multi-String Value)

Value data: List of distinguished domain names. Each domain is entered on a separate line. 

For example: 

dc=contoso,dc=com

dc=estt,dc=com

test.local

NOTE: Check M-Files Server computer's Windows Event Viewer's Application log for the domains which cannot be reached and the name format with which M-Files tries to connect to the domain. For example, the log could show either "dc=contoso,dc=com" or "contoso.com". Use the value that is shown in the log.

For example if the error says

"Resolving the identity of the domain "test.local" failed. Ensure the server computer running the…."

the correct value to put into the BlackListedDomains would just be

test.local

with no dc= at all.

Searches from other domain forests

Prevent MF Server from searching from domains in other AD forests.

Registry Keys: 

HKLM\Software\Motive\M-Files\<version>\Server\MFServer\ (server level setting that affects all vaults)

HKLM\Software\Motive\M-Files\<version>\Server\MFServer\VaultOptions\<vault guid>\

Value name: IncludeDomainsLocatedInOtherForests

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: 1/0 (default = 1)

Prevent MF Server from looking for group members from domains in other AD forests, so if a group includes members from various domains, only members of the local domain are included in the import.

With M-Files versions starting from 19.3, this setting is changed from Advanced Vault Properties, under Configuration -> User Groups -> Active Directory Importing -> Include Members from other Forests.

With M-Files versions prior to 19.3:

Registry Keys: 

HKLM\Software\Motive\M-Files\<version>\Server\MFServer\ (server level setting that affects all vaults)

HKLM\Software\Motive\M-Files\<version>\Server\MFServer\VaultOptions\<vault guid>\

Value name: IncludeMembersOfGroupsLocatedInOtherForests

Value type: REG_DWORD (DWORD 32-bit Value)

Value data: 1/0 (default = 1)

Related content

Still need help?

Ask the M-Files Community
Submit a Support Request
On this page
Overview
Import timeout
Maximum number of groups to read from AD
Maximum number of users to read from an AD group
Import batch size: 
Blacklisting domains
Searches from other domain forests
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions