One or more Active Directory (AD) users do not appear in the Okta Import tab after performing an import.
- Directories
- Active Directory (AD)
- Imports
- Okta Classic Engine
- Verify the AD user is in an OU that is selected in Okta in the Directory integration under Provisioning > Integration.
- In the user's AD object, verify that the attributes First Name, Last Name, and User Principal Name all have values.
  - If the email address field is blank, Okta's default behavior is to use the UPN as the email address.
  - If each field is populated correctly in AD:
    - In the Okta Admin console, navigate to Directory > Profile Editor.
    - Find the Active Directory instance and click Mappings.
    - Examine the mappings for login, firstName, lastName, and email.
    - If other AD attributes have been configured to map to any of the above, ensure that they are populated on the AD object.
    - If these attribute values are missing, the corresponding event can be found in the System Log with the following query:
      eventType eq "system.agent.ad.import_user" and outcome.result eq "SKIPPED"
- Verify that the user's AD object is not in a disabled or locked state in Active Directory.
- Verify that the isCriticalSystemObject attribute on the user's AD object is set to false; otherwise, the user will not be imported into Okta.
- Verify the user is not in the IGNORED section of the Import tab.
- Verify the option Skip users during import is not selected under Provisioning > To Okta.
- Verify there is no leading or trailing whitespace around the email address in Active Directory. See the following article for more details: Cannot Confirm or Import Active Directory User Due to Email Format.
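
The AD-side checks above can be run in one pass against the user object. The following is an added example, not part of the original article or an Okta tool: the function name Test-OktaImportReadiness, its -SelectedOU parameter, and the sample object are hypothetical. It assumes the default mappings (First Name, Last Name, UPN) and that the selected OU distinguished names are copied by hand from Provisioning > Integration.

```powershell
# Added example: evaluates one AD user object against the AD-side import conditions.
function Test-OktaImportReadiness {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Assumption: DNs of the OUs selected in Okta, supplied manually.
        [string[]] $SelectedOU = @()
    )
    process {
        $issues = @()
        # First Name, Last Name and UPN must all have values.
        foreach ($name in 'GivenName', 'Surname', 'UserPrincipalName') {
            if ([string]::IsNullOrWhiteSpace($User.$name)) { $issues += "$name is empty" }
        }
        # A blank email is allowed (Okta falls back to the UPN); padded values are not.
        $mail = $User.EmailAddress
        if ($mail -and $mail -ne $mail.Trim()) { $issues += 'EmailAddress has leading or trailing whitespace' }
        if ($User.Enabled -eq $false) { $issues += 'account is disabled' }
        if ($User.LockedOut -eq $true) { $issues += 'account is locked out' }
        if ($User.isCriticalSystemObject -eq $true) { $issues += 'isCriticalSystemObject is true' }
        if ($SelectedOU.Count -gt 0) {
            $dn = [string]$User.DistinguishedName
            $inScope = $SelectedOU | Where-Object { $dn.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase) }
            if (-not $inScope) { $issues += 'object is outside the selected OUs' }
        }
        [pscustomobject]@{
            User   = $User.UserPrincipalName
            Ready  = ($issues.Count -eq 0)
            Issues = $issues -join '; '
        }
    }
}

# Constructed sample object (not real directory data) so the function runs without a domain.
$sample = [pscustomobject]@{
    GivenName = 'Dana'; Surname = ''; UserPrincipalName = 'dana@example.test'
    EmailAddress = 'dana@example.test '; Enabled = $true; LockedOut = $false
    isCriticalSystemObject = $false
    DistinguishedName = 'CN=Dana,OU=Staff,DC=example,DC=test'
}
$sample | Test-OktaImportReadiness -SelectedOU 'OU=Staff,DC=example,DC=test'

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Identity dana -Properties EmailAddress, LockedOut, isCriticalSystemObject |
#     Test-OktaImportReadiness -SelectedOU 'OU=Staff,DC=example,DC=test'
```

If the Profile Editor mappings point login, firstName, lastName, or email at other AD attributes, add those attributes to the emptiness check. The IGNORED list and the Skip users during import option are Okta-side settings and are not covered by this check.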
