Traction Guest allows you to sync hosts into your account directly from your Active Directory. This process uses a powershell script in conjunction with an API token and endpoint retrieved from Traction Guest.
​
This article walks through a few common issues you may encounter, as well as steps you can take to solve them. For more information on setting up your Active Directory integration, see THIS article.

The sections below include:
​

Don't hesitate to reach out to our support team at [email protected] or 1-855-215-9508 if you are still encountering issues.

Why isn’t Traction Guest removing hosts that are no longer in my Active Directory?

There are a few common reasons why hosts wouldn’t be removed from Traction Guest. A quick check of the CSV file being generated as a result of your script running, can help identify the path you should take.
​
You can access our Powershell script using this URL:
​https://tractionguest.atlassian.net/wiki/spaces/KB/pages/321257664/Microsoft+Powershell+Script?atlOrigin=eyJpIjoiZjk3NzFkOWIzZTVlNGY3Y2E2Y2U4YTRjNmI0ZWI2YzMiLCJwIjoiYyJ9
​
Using the following line in your script will export a CSV file that you can review to see exactly what information is being pulled from your Active Directory:
​
​$csvdata | export-csv -NoTypeInformation "c:\hosts.csv" -encoding UTF8
​
You can specify the exact location you would like the file to be exported by entering in the file path between quotes. Based on the line above, the CSV file would be saved to the root of the C drive and named hosts.csv
​
Make your adjustments accordingly, or leave the file path as is and run the script. Once your CSV is generated, open the file to review its contents - you can use any spreadsheet tool or even the basic notepad application.
​
​
​Are the hosts that you would like removed from Traction Guest appearing in the CSV file?
​
​Yes, but these users are in a different OU and should not be a part of the data being captured
​
​
You need to adjust the searchbase. Below you will find the line that controls this, including the highlighted portion for this specific function (orange text):
​
​
$csvdata = get-aduser -filter {enabled -eq $true -and EmailAddress -like "*@tractionguest*" -and givenname -like "*" -and surname -like "*"} -searchbase "OU=#someOU,DC=#companyname#,DC=com" -properties mail,country,department |
​
​
​Yes, but these users are disabled in Active Directory
​
​
You’ll need to ensure that the script is excluding disabled users. Below you will find the line that controls this, including the highlighted portion for this specific exclusion (orange text):
​
​
$csvdata = get-aduser -filter {enabled -eq $true -and EmailAddress -like "*@tractionguest*" -and givenname -like "*" -and surname -like "*"} -searchbase "OU=#someOU,DC=#companyname#,DC=com" -properties mail,country,department |
​
​
​
​Are the hosts that you would like removed from Traction Guest not in the CSV file?
​
​
In this case, the hosts are likely owned by a different user and the script is designed to ignore users that are not owned by you. Below you’ll find the line that controls this, including the highlighted portion for this specific function (orange text):
​
​
$guest_url = 'https://us.tractionguest.com/people/import_v2?remove_unmatched_hosts=true&ignore_ownership=true&overwrite_person_groups=true&remove_empty_groups=true';

​
When hosts are added to Traction Guest, it assigns an owner to those records based on who added them. For example, if User1 added John Smith, User1 would own that record.
​
To ensure that manually added hosts are ignored when running an Active Directory script, you must pass the following parameter: ignore_ownership=false
​
When passing the above parameter, Traction Guest will upload the hosts that are contained within the CSV file generated from the Powershell script. It will ignore any host record not owned by the individual who authorized the Active Directory integration.
​
​
​

When running the script, I'm getting "The remote server returned an error: (401) Unauthorized - {"message":"Something is not right with your credentials"}”

​
This message is typically caused by an error within the API token, or in other words, the piece that provides authorization for Traction Guest and your Active Directory to communicate.
​
​
If you haven’t yet generated this API token - check out THIS article (see section: ‘Generating the API token’)
​
​
The token should be placed at the start of your script using the following syntax:
$guest_token = 'Basic #token#'
​
​

​
​
You must ensure that the word Basic (shown above) precedes the token.

If a Host API token has been entered into the script, then the 401 error could potentially be because the User who generated the Token is no longer with the company or may have revoked the Token in Traction Guest.
To check who this user is, copy the basic token in the Powershell Script and use a base64 decoder tool to find out the email of the user who generated the Token.