franaiell
Level 7

Active directory name change

Hello all,

I am in the process of building up EEM to roll out to different agencies within my domain. For ease of management, each agency has created a group in AD that will synch via the connector to the EEM group.

Thanks to this forum I got it working and it's great.

A few things I noticed:

If I have 1 user in the AD membership and synch to the EEM group, it replicates fine. If I delete the 1 member in the AD group, it disables it in EEM; however, if I have more than 1 it works. For example, I have 3 users, I delete 2 in AD, and 2 get removed in EEM.

Another issue I have is that if I change the account logon name, I was not able to see the change in EEM. Example: Jane Doe has an AD account JDoe; the new account was added to the AD group, synchs with EEM, and I have the account in the appropriate EEM group. Jane Doe changes her name; it's now Jane Smith.

The AD account is now changed to JSmith; at replication the EEM account is still JDoe.

I do not know if I am missing out on anything or for some reason the connector doesn't recognize the change.

I thank you all in advance, as I am learning this as I go (which I inherited) and we want to implement this ASAP. I found these forums to be EXTREMELY helpful.

0 Kudos
17 Replies
SafeBoot
Level 21

Re: Active directory name change

Check your connector log - it will tell you why the rename did not occur - perhaps the SAMAccountName for the user did not change, or you are not using SAMAccountName for bindings?

Regardless, the log will tell you what's going on.

0 Kudos
franaiell
Level 7

Re: Active directory name change

You are so quick to respond, and thank you!!

I did check the logs and it picks up the account (old name) and states: no changes

And yes, I am using the connector and I am using the samaccount.

Thank you again

0 Kudos
SafeBoot
Level 21

Re: Active directory name change

Check the last change attribute between EEM and your AD - maybe the connector is talking to a different server than the one the account was first collected from, and the change attribute is higher than the value stored in EEM.

0 Kudos
peter_eepc
Level 15

Re: Active directory name change

That is one of the reasons that it is good to know the "Change attribute" setting. You should use only one server for the AD LDAP connection, or get rid of (empty) that value in the EEM connector settings.

0 Kudos
peter_eepc
Level 15

Re: Active directory name change

First of all, there are quite a number of connector settings. It would be useful if you could list what you have set up in:

  • "User information" section -> "User attributes" tab -> "Binding attribute", "User name" and "Change attribute"

Did you set up the connector log in the main connector properties -> "Log" tab -> checkmark in "Enable logging of connector's activity"?

If you did, it would be nice to see that log too.

0 Kudos
franaiell
Level 7

Re: Active directory name change

I attached a screenshot of the settings

0 Kudos
SafeBoot
Level 21

Re: Active directory name change

There's your problem - whoever set it up changed the binding attribute to be DN, instead of ObjectGUID - the DN changes when the name changes, so the connector won't find the original user any more.

The binding attribute should be something that's the same for the life of the account, not something that changes when the account moves OU, or changes name as you found.

You really need to set this back and use something like LinkUser to rebind everyone, otherwise your connector is going to be useless.

0 Kudos
peter_eepc
Level 15

Re: Active directory name change

You have changed the Binding attribute to "dn". When you rename a user, the distinguished name was changed also, so it cannot carry the change.

Use the default "objectGUID" to link the EEPC user and the AD user more permanently.

Could you post connector log also? Situation would be more evident there.

0 Kudos
franaiell
Level 7

Re: Active directory name change

I tried changing those settings and it did not work. What I did find out was that I had to change the account name in the pre-Windows 2000 box (ehs\accountname); then the change replicated.

0 Kudos
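
Added example, not part of the thread and not EEM connector code: a simplified model of a one-way directory sync that shows the three outcomes discussed above (binding on objectGUID, binding on DN, and a rename that leaves sAMAccountName untouched). The `ADUser` class, the `sync` and `rename_scenario` functions, the GUID string and the DNs are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class ADUser:                       # constructed stand-in for a directory entry
    objectGUID: str                 # fixed for the life of the account
    dn: str                         # changes on rename or OU move
    sAMAccountName: str             # the "pre-Windows 2000" logon name

def sync(store, directory, binding_attr, name_attr="sAMAccountName"):
    """Toy sync: store maps binding value -> local user name (assumed model)."""
    log, seen = [], set()
    for entry in directory:
        key, name = getattr(entry, binding_attr), getattr(entry, name_attr)
        seen.add(key)
        if key not in store:
            store[key] = name
            log.append(("created", name))
        elif store[key] != name:
            log.append(("renamed", f"{store[key]}->{name}"))
            store[key] = name
        else:
            log.append(("no changes", name))
    for key in sorted(set(store) - seen):
        log.append(("orphaned", store[key]))   # bound object no longer found
    return log

def rename_scenario(binding_attr, change_sam=True):
    """Import Jane Doe, rename her in the directory, sync again, return the log."""
    jane = ADUser("guid-0001", "CN=Jane Doe,OU=Agency,DC=example,DC=test", "JDoe")
    store = {}
    sync(store, [jane], binding_attr)
    jane.dn = "CN=Jane Smith,OU=Agency,DC=example,DC=test"
    if change_sam:
        jane.sAMAccountName = "JSmith"
    return sync(store, [jane], binding_attr)

if __name__ == "__main__":
    # Stable binding: the existing record is found and renamed.
    print(rename_scenario("objectGUID"))
    # DN binding: the old record is orphaned and a second one appears.
    print(rename_scenario("dn"))
    # Display name changed but sAMAccountName left alone: "no changes".
    print(rename_scenario("objectGUID", change_sam=False))
```

In this model the last case reproduces the "no changes" log line reported in the thread when only the display name was changed and the pre-Windows 2000 logon name was left as JDoe.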