04-23-2018 01:35 PM
Not sure if I picked the right topic/forum on top. But, I have this question.
Some employees return to the company. Their old account was deactivated years back. Then, they get a new AD account when they return. So, they have a new user profile now. In that case, the old account stays deactivated in the user table and the new account does not come into ServiceNow with the LDAP feed. So, I had to delete the deactivated/old account and execute an LDAP refresh. Then, I see the new account in ServiceNow.
Is deleting the old account the right method?
Why does the new account not come into ServiceNow without deleting the old one?
Thanks,
Rajini

04-24-2018 10:04 AM
Ok. I think I understand the issue now.
You have two options:
1) You should set the coalesce on user id instead of the object GUID.
Because if the AD team created a new account with a new GUID, but the username is the same, based on the coalesce, the transform map will try to create a new user account in ServiceNow. But it will fail to do so, because an account with the same user name already exists. User name is the unique key in the User table.
2) You should rename the user account after an account is terminated. For example, we rename our user accounts to username$todays date, so that when a new account is created with the same username, there is no clash and the transform map can create the account successfully.
Please mark this response as correct or helpful if it assisted you with your question.

04-24-2018 11:14 AM
Sanjiv, that makes sense. I just checked the user id field and it is unique.
So, I should do both #1 and #2?
While deactivating the user profile, we can append the date to the user id using a business rule, right?

04-24-2018 11:32 AM
Yes. I would prefer option 2.
Because you will not have to make any changes to the integration, such as the coalesce field, which has high impact. Also, renaming the user should be fine since the coalesce is on GUID. So even if the user was deactivated by mistake, it will get activated based on the GUID and the correct username will reappear.
BR can be
Condition: Active Changes to False
Script
var gdt = new GlideDateTime();
current.user_name = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+current.user_name;
For existing records, you may need to rename them manually
Please mark this response as correct or helpful if it assisted you with your question.
04-26-2018 09:39 AM
I updated the deactivated user accounts with the date. But every time the LDAP feed comes in, it is updating the user_name back to the original. What is the best approach to solve this? Why do the deactivated accounts need to be updated in every LDAP refresh? Should I talk to the AD team about this?

04-26-2018 02:32 PM
Ok. A better approach would be to use the code below in the transform map, in the existing onBefore business rule.
var gdt = new GlideDateTime();
target.user_name = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+source.u_samaccountname;
source.u_samaccountname = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+source.u_samaccountname;
Add the above lines at line no. 13.
If we don't want to update a user record which is already inactive, we can use the code below in the onBefore business rule in the transform map.
var userRec = new GlideRecord('sys_user');
userRec.addQuery('user_name',source.u_samaccountname);
userRec.query();
if (userRec.next() && userRec.active != 'true') {
    ignore = true;
}
Please mark this response as correct or helpful if it assisted you with your question.
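
The behaviour discussed in this thread, as an added example that is not part of any post and is not ServiceNow code: a plain Node.js toy model of a user table with a unique user name, fed by an import that coalesces on the directory GUID. The class, function names, GUIDs, account name and date stamp are all constructed, and the skip-inactive guard here matches on GUID, which is this example's own assumption.

```javascript
// Toy model (constructed names and rows): a user table whose user_name is
// unique, fed by an import that coalesces on the directory GUID.
class UserTable {
  constructor() { this.rows = []; }
  findBy(field, value) { return this.rows.find((r) => r[field] === value); }
  insert(row) {
    if (this.findBy('user_name', row.user_name)) return 'error: duplicate user_name';
    this.rows.push({ ...row });
    return 'inserted';
  }
}

// Import one feed row. skipInactive plays the role of the thread's "ignore"
// guard, but matches on GUID (an assumption of this example).
function importRow(table, src, skipInactive = false) {
  const match = table.findBy('guid', src.guid); // coalesce on GUID
  if (!match) return table.insert({ guid: src.guid, user_name: src.sam, active: src.enabled });
  if (skipInactive && !match.active) return 'ignored';
  match.user_name = src.sam; // the field map overwrites user_name on every run
  match.active = src.enabled;
  return 'updated';
}

// Deactivate and rename, shaped like the thread's '$<date>_<name>' prefix.
function retire(row, stamp) {
  row.active = false;
  row.user_name = '$' + stamp + '_' + row.user_name;
}

function runScenario() {
  const table = new UserTable();
  const oldRow = { guid: 'GUID-OLD', sam: 'jdoe', enabled: false };
  const newRow = { guid: 'GUID-NEW', sam: 'jdoe', enabled: true };
  const out = {};
  importRow(table, { ...oldRow, enabled: true }); // original hire
  const old = table.findBy('guid', 'GUID-OLD');
  old.active = false; // deactivated, name left in place
  out.collision = importRow(table, newRow); // rehire blocked by unique user_name
  retire(old, '2442018');
  importRow(table, oldRow); // unguarded refresh of the old row
  out.reverted = old.user_name; // rename undone by the feed
  retire(old, '2442018');
  out.guarded = importRow(table, oldRow, true); // guarded refresh leaves it alone
  out.rehire = importRow(table, newRow); // name is free now
  out.finalNames = table.rows.map((r) => r.user_name);
  return out;
}
console.log(runScenario());
```

The run shows the three states from the thread in order: the blocked insert, the rename being undone by the next refresh, and the rehire succeeding once inactive records are skipped.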