I am in the process of building up EEM to roll out to different agencies within my domain. For ease of management, each agency has created a group in AD that will synch via the connector to the EEM group.
Thanks to this forum I got it working and it's great.
A few things I noticed:
If I have 1 user in the AD membership and synch to the EEM group, it replicates fine. If I delete the 1 member in the AD group, it disables it in EEM; however, if I have more than 1 it works. For example, I have 3 users, I delete 2 in AD, and 2 get removed in EEM.
Another issue I have is that if I change the account logon name, I was not able to see the change in EEM. Example: Jane Doe has an AD account JDoe; the new account was added to the AD group, synchs with EEM, and I have the account in the appropriate EEM group. Jane Doe changes her name; it's now Jane Smith.
The AD account is now changed to JSmith; at replication the EEM account is still JDoe.
I do not know if I am missing out on anything or for some reason the connector doesn't recognize the change.
I thank you all in advance, as I am learning this as I go. I inherited this and we want to implement it ASAP. I found these forums to be EXTREMELY helpful.
Check your connector log - it will tell you why the rename did not occur - perhaps the SAMAccountName for the user did not change, or you are not using SAMAccountName for bindings?
Regardless, the log will tell you what's going on.
You are so quick to respond, and thank you!!
I did check the logs, and it picks up the account (old name) and states: no changes
And yes, I am using the connector and I am using the samaccount
Thank you again
Check the last change attribute between EEM and your AD - maybe the connector is talking to a different server than the one the account was first collected from, and the change attribute is higher than the value stored in EEM.
That is one of the reasons it is good to know the "Change attribute" setting. You should use only one server for the AD LDAP connection, or get rid of (empty) that value in the EEM connector settings.
First of all, there are quite a number of connector settings. It would be useful if you can list what you have set up in:
Did you set up the connector log in main connector properties -> "Log" tab -> checkmark in "Enable logging of connector's activity"?
If you did, it would be nice to see that log too.
There's your problem - whoever set it up changed the binding attribute to be DN, instead of ObjectGUID - the DN changes when the name changes, so the connector won't find the original user any more.
The binding attribute should be something that's the same for the life of the account, not something that changes when the account moves OU, or changes name as you found.
You really need to set this back and use something like LinkUser to rebind everyone, otherwise your connector is going to be useless.
You have changed the Binding attribute to "dn". When you rename a user, the distinguished name is changed also, so it cannot carry the change.
Use the default "objectGUID" to link the EEPC user and AD user more permanently.
Could you post the connector log also? The situation would be more evident there.
I tried changing those settings and it did not work. What I did find out is that I had to change the account name in the pre-Windows 2000 box (ehs\accountname); then the change replicated.
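Added example, not part of any post in this thread and not EEM's connector code: a simplified model of a one-way directory sync showing why the replies above recommend binding on objectGUID rather than DN. The `sync` and `rename_scenario` functions, the GUID and the DNs are constructed, and disabling the unmatched account while creating a new one is an assumption of the model, not documented product behaviour.

```python
# Simplified model of a directory-to-EEM sync, NOT the EEM connector's code.
# All names and values below are constructed for illustration.

def sync(ad_users, store, bind_attr):
    """One sync pass: match each AD user to a stored account by bind_attr.

    Returns a list of (action, detail) tuples describing what happened.
    """
    actions = []
    by_key = {acct["bind"]: acct for acct in store}
    seen = set()
    for user in ad_users:
        key = user[bind_attr]
        seen.add(key)
        acct = by_key.get(key)
        if acct is None:
            # No stored account carries this binding value: treated as new.
            store.append({"bind": key, "name": user["sAMAccountName"], "enabled": True})
            actions.append(("created", user["sAMAccountName"]))
        elif acct["name"] != user["sAMAccountName"]:
            actions.append(("renamed", f'{acct["name"]}->{user["sAMAccountName"]}'))
            acct["name"] = user["sAMAccountName"]
    # Assumption of this model: accounts no longer matched in AD are disabled.
    for acct in store:
        if acct["bind"] not in seen and acct["enabled"]:
            acct["enabled"] = False
            actions.append(("disabled", acct["name"]))
    return actions


def rename_scenario(bind_attr):
    """Sync JDoe, rename her to JSmith in AD, sync again; return 2nd-pass result."""
    user = {"objectGUID": "guid-0001",  # constructed value
            "dn": "CN=Jane Doe,OU=Agency1,DC=example,DC=com",
            "sAMAccountName": "JDoe"}
    store = []
    sync([user], store, bind_attr)
    # The rename changes the DN and logon name; objectGUID stays the same.
    user["dn"] = "CN=Jane Smith,OU=Agency1,DC=example,DC=com"
    user["sAMAccountName"] = "JSmith"
    return sync([user], store, bind_attr), store


if __name__ == "__main__":
    for attr in ("dn", "objectGUID"):
        actions, store = rename_scenario(attr)
        print(attr, actions, [(a["name"], a["enabled"]) for a in store])
```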