Overview π₯
In some environments, partners may observe incorrect, duplicated, or unexpected values displayed on the System Details page for an Active Directory Inspector.
Common examples include:
Privileged users appearing as the system (Inspector) name
The same value repeated multiple times
Missing expected users or groups
Incorrect data shown in System Details widgets or alerts
Example :
Although this behavior may initially appear to be an inspection or metric issue, it is most commonly caused by Inspector payload trimming being enabled within the Active Directory Inspector configuration.
Symptoms π€
Partners may notice one or more of the following:
β
Privileged Users list shows the Inspector friendly name repeatedly
β
Actual Domain Admins / Enterprise Admins are missing
β
Metrics display placeholder or incorrect values
β
Alerts referencing incorrect identities
β
Builder output differs from expected Active Directory results
β
Dataprint appears incomplete or missing expected arrays
Example affected metric:
Users[?contains(Privileged, `Yes`)].Name || to_array(`-`)
Instead of returning privileged usernames, the output may display:
DomainController01
DomainController01
DomainController01
Validation in Active Directory π¨βπ§
The discrepancy can typically be confirmed by querying Active Directory directly.
Example validation commands (use in elevated PowerShell):
Check privileged group membership
Get-ADGroupMember -Identity "Domain Admins" -Recursive |
Select-Object name, samaccountname, distinguishedname
Get-ADGroupMember -Identity "Domain Admins" -Recursive |
Select-Object name, samaccountname, distinguishedname
Check common privileged groups
$PrivilegedGroups = "Domain Admins","Enterprise Admins","Administrators",
"Account Operators","Server Operators","Backup Operators"
foreach ($group in $PrivilegedGroups) {
Get-ADGroupMember -Identity $group -Recursive |
Select name,samaccountname,distinguishedname,
@{Label="Group";Expression={$group}}
}
Check protected administrative accounts
Get-ADUser -Filter 'adminCount -eq 1' -Properties adminCount |
Select name,samaccountname,distinguishedname,adminCount
These results typically confirm that Active Directory contains correct data, while Liongard displays incomplete values.
Root Cause β¨
The issue occurs when Inspector Payload Trimming is enabled.
Within the Active Directory Inspector configuration, administrators may select a Trimming Level (1β5).
Trimming Level | Behavior |
Blank (Recommended) | Full dataprint collected |
Level 1β4 | Partial data reduction |
Level 5 | Maximum payload trimming |
Example:
When trimming is enabled:
Portions of the dataprint are intentionally removed
Large arrays may be reduced or excluded
Relationship mappings may be incomplete
Metrics referencing trimmed fields return fallback values
As a result:
π Metrics expecting arrays such as Users[].Name cannot resolve correctly.
π The platform may display default or repeated system values instead.
This commonly impacts:
Privileged Users
Groups
Membership relationships
Key System Details fields
Alerts relying on trimmed datasets
Why This Happens π€
Payload trimming exists to help environments experiencing:
Large Active Directory datasets
Payload size limits
Inspection upload failures
However, enabling aggressive trimming removes structured data required by:
System Details views
Metrics
Alerts
Reporting datasets
The Inspector itself completes successfully but not all data is collected.
Steps to Resolve π¨βπ»
Step 1 β Open Active Directory Inspector Configuration
Log in to your Liongard instance.
Navigate to: Admin β Inspectors=
Locate the affected Active Directory Inspector.
Click on 3 dots and select Edit Inspector.
Step 2 β Review Trimming Configuration
Locate: Inspector Payload Trimming Level
If set to: 1β5
this indicates trimming is enabled.
Step 3 β Disable Trimming (Recommended)
β Clear the trimming level field completely.
Leave this field blank unless directed by Liongard Support.
Step 4 β Save and Reinspect
Save the Inspector configuration.
Run the Inspector using Debug + Clear Cache option
Step 5 β Validate Results
After inspection completes:
Navigate to System Details
Confirm privileged users display correctly
Verify alerts and metrics return expected values
Review Dataprint for restored arrays
Expected Outcome β
After disabling trimming:
β
Correct privileged users appear
β
System Details populate accurately
β
Metrics resolve properly
β
Alerts evaluate expected identities
β
Full Active Directory relationships return
Additional Troubleshooting π§βπ«
If issues persist:
1οΈβ£ Confirm Dataprint Contains User Arrays
Check that datasets such as:
Users[]
Groups[]
GroupMemberships[]
2οΈβ£ Validate Inspector Health
Ensure:
Inspection completes successfully
Payload upload succeeds
No timeout or size errors exist
Best Practices β
β Leave trimming disabled by default
β Enable trimming only when resolving payload-size failures
β Use the lowest trimming level possible if required
β Revalidate dashboards and alerts after trimming changes
Important Note π
This behavior does not indicate incorrect Active Directory data or a Liongard platform defect.Liongard can only evaluate and display data included in the Inspector payload. When trimming removes required datasets, dependent metrics may produce misleading results.
Impact Scope β οΈ
Although often first noticed with Privileged Users, trimming may also affect:
Group membership visibility
System Details values
Compliance metrics
Alert accuracy
Dashboard reporting
Future metric evaluations
Related Documentation π
Summary π€©
Incorrect or duplicated values shown on the Active Directory System Details page are most commonly caused by Inspector payload trimming being enabled.
Disabling trimming restores full dataprint collection and allows Liongard metrics, alerts, and dashboards to evaluate Active Directory data correctly.