The main test was that you let an AD user log into the server machine; that confirms that the FMS box is indeed a member server of the AD.
To double-check you can also go check the AD UI itself and verify that the server is listed there properly.
FM EA does not really care about the name of the AD so things to check:
- in the FMS admin console: is the option for "filemaker and external accounts" still enabled?
- did any of the AD group names change so that they no longer match what is in FM?
- in the FMS event log, do you see errors 661 for when a user tries to log in?
- can you log into the FM file by specifying the AD name in the account syntax (like DOMAIN\user or firstname.lastname@example.org)?
I wish I could get the admin console to check "filemaker and external accounts"
Great thought on the AD group names - that sounds like a real possibility, will check
Yes, getting 661 errors
will get them to try logging in with AD name in account syntax
Great thoughts, thanks
One more thought: was the old setup one where true SSO worked?
If so, might be that the workstations are not fully joined to the new AD?
Since you are getting 661; also check the Windows security event log to see if you see corresponding failure reports there and see what the detail on those reports say.
No familiar with Windows Security Log,
but see a 'PrivilegeList' - am guessing this is the AD groups the user is a member of, if so we have the answer - the one we need not listed.
I am waiting for a response from their IT support
Don't think it is an issue with the workstations, user could not login with a copy of FileMAker on the server
as usual your clear thinking helped - IT had not transferred the groups. A lesson - look for the obvious not the complicated!
Glad you got it sorted out!