LDAP Sync Issues

Go to solution
Ibaa_Shoheb
Tera Contributor

‎05-14-2018 10:01 AM

Our ServiceNow Instance syncs to Active Directory. This sync creates new users, updates users details, adds users to assignment groups and deactivates users. It works in the most part for updates and changes, expect where a nil value occurs.
For eg: If i change my manager from "Manager A" to "Manager B", this is picked up in the sync and the user record updates correctly in ServiceNow. However, if my manager is changed from "Manager A" to "Blank" this change does not get reflected in the import. The user record in SNOW will remain with "Manager A" whilst in Active Directory this is blank.

Also, we control our assignment groups in AD. If the assignment group had 4 members A, B, C and D and I remove D from AD then this would be removed from SNOW. If I remove A, B, C and D and left the assignment group in AD empty then nothing is removed from assignment group.

We have checked all the scripts and do not know how to resolve this issue.

0 Helpfuls
  • 4,067 Views
1 ACCEPTED SOLUTION

Go to solution
Jaspal Singh
Mega Patron
Mega Patron
In response to Ibaa_Shoheb

‎06-21-2018 07:20 AM

Yes, it will. You may refer link for additional information.

 

Thanks,

Jaspal Singh

 

Hit Helpful or Correct on the impact of response.

View solution in original post

20 REPLIES 20

Go to solution
Ibaa_Shoheb
Tera Contributor
In response to Jaspal Singh

‎05-29-2018 07:38 AM

Hi Jaspal,

I will give this a try and will let you know the updates.

Regards,

Shoheb Shaikh

0 Helpfuls

Go to solution
Ibaa_Shoheb
Tera Contributor
In response to Ibaa_Shoheb

‎05-29-2018 08:56 AM

Hi Jaspal,

 

No luck. The field still has the manager value in SNOW.

 

Regards,

Shoheb Shaikh 

0 Helpfuls

Go to solution
Jaspal Singh
Mega Patron
Mega Patron
In response to Ibaa_Shoheb

‎06-04-2018 02:19 AM

Hi Shoheb,

 

Kindly try changing snippet for setManager function from

 

 //possibly line 32 of script include

setManager: function(source, target) {
var ge = source.getElement(this.manager);
if (!ge || ge.isNil())
return;

this._getLdapUserUpdate();
var ldap = new GlideLDAPUserUpdate();
var mid = this.ldapUserUpdate.getManagerValue(target, ge.toString());
if (mid == null)
return;

target.manager = mid; 
},

 

to

 

setManager: function(source, target) {
var ge = source.getElement(this.manager);
//if (!ge || ge.isNil())
//return;
if(ge.isNil())
{
target.manager=''; //empties the manger field
}


this._getLdapUserUpdate();
var ldap = new GlideLDAPUserUpdate();
var mid = this.ldapUserUpdate.getManagerValue(target, ge.toString());
if (mid == null)

return;
target.manager = mid;


},

 

For the Assignment Group part I would suggest you to check if there exists any property named

glide.ldap.allow_empty_group

 

If not I would suggest you to get one created as below

find_real_file.png

 

Thanks,

Jaspal Singh

 

Hit Helpful or Correct on the impact of response.

Preview file
26 KB

Go to solution
Ibaa_Shoheb
Tera Contributor

‎06-12-2018 02:34 AM

Thanks  Jaspal. This worked. Appreciate your help on this. 

 

Regards,

Shoheb Shaikh

0 Helpfuls

Go to solution
Ibaa_Shoheb
Tera Contributor
In response to Ibaa_Shoheb

‎06-13-2018 03:57 AM

Hi Jaspal,

We have same issue for users location as well. Location is blank in AD but the location is still present in SNOW. 

Regards,

Shoheb Shaikh 

0 Helpfuls