Question

LFDS Sync fails if AD user is Renamed and a new user is created with the original name

asked on September 20, 2019

I have a large customer that routinely renames AD users and deactivates the account. Then they use the original name for a new user. They use a lot of interns and when one intern leaves, their replacement is given the same user name on a new AD account. Usually, the new user is created within 15 minutes of renaming and disabling the original user.

AD Account "someuser" gets renamed to "someuser-092019DL" (adding 2 digit month, day, and year and the letters DL) and is deactivated (note that they are not removed from any groups).

New AD Account created and named "someuser" and added to the same groups as the previous user.

After this AD account change happens, the LFDS sync is broken until the LF administrator can figure out what user(s) was deactivated and then manually remove the user from LFDS.  Is there anything they can do to help automate this process so that they do not have to continually manually remove users from LFDS?  Below shows the Sync settings.

1 0

Replies

replied on September 23, 2019

Hi Bert, after you rename the user to "someuser-092019DL", you may create a new "someuser" but do not disable "someuser-092019DL" yet. Run AD sync to get both the users in LFDS and then you can disable "someuser-092019DL" in AD. The next AD sync will pick up the changes and disable "someuser-092019DL" in LFDS.

1 0
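
To find the affected accounts without hunting for them by hand, the following read-only report (an added example, not part of the original posts or of LFDS) lists accounts renamed with the `-MMDDYYDL` suffix whose original name is already in use by another account. It assumes the RSAT ActiveDirectory module, that the rename changes `sAMAccountName`, and a 7-day look-back; `Get-ReusedNamePair` is a hypothetical helper name.

```powershell
# Added example: read-only AD report, nothing in AD or LFDS is modified.
# Assumes the RSAT ActiveDirectory module and that the rename changes sAMAccountName.
Import-Module ActiveDirectory

function Get-ReusedNamePair {
    param(
        [int]$Days = 7   # look-back window (assumed value)
    )
    $since   = (Get-Date).AddDays(-$Days)
    # Convention from the question: <name>-<MMDDYY>DL, e.g. someuser-092019DL
    $pattern = '^(?<base>.+)-\d{6}DL$'

    # Coarse server-side filter first, then narrow by change date on the client.
    $candidates = Get-ADUser -Filter "SamAccountName -like '*DL'" -Properties whenChanged |
        Where-Object { $_.whenChanged -ge $since }

    foreach ($old in $candidates) {
        $m = [regex]::Match($old.SamAccountName, $pattern)
        if (-not $m.Success) { continue }

        # Escape apostrophes so the name is safe inside the filter string.
        $base = $m.Groups['base'].Value.Replace("'", "''")
        $new  = Get-ADUser -Filter "SamAccountName -eq '$base'" -Properties whenCreated
        if (-not $new) { continue }   # original name has not been reused

        [pscustomobject]@{
            RenamedAccount = $old.SamAccountName
            RenamedEnabled = $old.Enabled
            RenamedChanged = $old.whenChanged
            ReusedName     = $new.SamAccountName
            ReusedCreated  = $new.whenCreated
            Note           = if ($old.Enabled) {
                'Renamed account still enabled: sync both, then disable (order from the reply)'
            } else {
                'Renamed account already disabled: the case described in the question'
            }
        }
    }
}

Get-ReusedNamePair -Days 7 | Sort-Object RenamedChanged | Format-Table -AutoSize
```

Run before the scheduled AD sync, the `Note` column separates pairs that can still follow the order given in the reply from those already in the state the question describes.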