Ever since lifting our AD to 2016 I have been getting a bunch of these warnings. The 'User Search Base' and 'Role Search Base' are set much deeper than DC=Domain,DC=com so I cannot figure out which LDAP filter or setting to change.
[profileName=Active Directory] Unable to read group attribute "cn" from group "CN=XXXX\0ADEL:24be81d1-b2aa-448b-9cf7-7bca6c4b3c3a,CN=Deleted Objects,DC=Domain,DC=com", using distinguished name instead.
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=xxxx\0ADEL:24be81d1-b2aa-448b-9cf7-7bca6c4b3c3a,CN=Deleted Objects,DC=Domain,DC=com' ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3179)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
at com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource$UserSearchHandler$RoleLoader.load(ActiveDirectoryUserSource.java:268)
at com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource$UserSearchHandler$RoleLoader.load(ActiveDirectoryUserSource.java:253)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197)
at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
at com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource$UserSearchHandler.endBatch(ActiveDirectoryUserSource.java:301)
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.search(LDAPHelper.java:323)
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.search(LDAPHelper.java:273)
at com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource.getUsers(ActiveDirectoryUserSource.java:162)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper.updateCache(UserSourceWrapper.java:120)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceManagerImpl$UpdateCacheTask.run(UserSourceManagerImpl.java:361)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)