Overview
Just like M-Files, Active Directory ("local AD" as opposed to Entra ID/Azure AD) has various object classes. User accounts in AD have two object classes: User and InetOrgPerson. M-Files AD user sync supports only objects of the User class. Objects of the InetOrgPerson class cannot be imported with built-in tools.
Solution
You can create login accounts and vault users for InetOrgPerson objects in M-Files either manually or via the M-Files COM API. Once the accounts exist in M-Files, they can be used for authentication via AD. So only user sync is not possible for InetOPrgPerson objects via AD, while authentication is.
Another possible workaround is to change M-Files authentication from local AD to Entra ID. This would require synching the InetOrgPerson objects from AD to Entra ID and then from Entra ID to M-Files using one of the following methods:
Importing User Information from Entra ID with the User Synchronization Plugin (recommended for on-premises environments)
Managing User Groups with User Provisioning (recommended for M-Files cloud vaults)
For a recommended process for switching M-Files from AD authentication to Entra ID authentication in on-premises environments is outlined here:
/article/Azure-AD-configuration-process-for-on-premises-deployments
For M-Files cloud vaults, refer to this document:
Configuring Vault Authentication with M-Files Login Service.pdf
