Not sure how the user accounts should work when the employee returns back to the company?

Go to solution
Community Alums
Not applicable

‎04-23-2018 01:35 PM

Not sure if I picked the right topic/forum on top. But, I have this question.

Some employees return back to company. Their old account was deactivated years back. Then, they get a new AD account when they return back. So, they have a new user profile now. In that case, the old account stays deactivated in the user table and the new account does not come into Servicenow with a LDAP feed. So, I had to delete the deactivated/old account and execute LDAP refresh. Then, I see the new account in Servicenow.

Is deleting the old account the right method?

Why not the new account come into Servicenow without deleting the old one?

 

Thanks,

Rajini

0 Helpfuls
  • 1,239 Views
1 ACCEPTED SOLUTION

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Community Alums

‎04-24-2018 10:04 AM

Ok. I think I understand the issue now.

You have two options

1) Your should set the coalesce on user id instead of the object GUID. 

Because if AD team created a new account with a new GUID, but username is same, based on the coalesce, transform map will try to create a new user account in servicenow. But it will fail to do so, because an account with same user name already exists. User name is the unique key in User table.

 

2) You should rename the user account after an account is terminated. for ex, we rename our user accounts to username$todays date. So that, when a new account is created with the same username, there is no clash and transform map can create the account successfully.


Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

0 Helpfuls
10 REPLIES 10

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Community Alums

‎04-24-2018 10:04 AM

Ok. I think I understand the issue now.

You have two options

1) Your should set the coalesce on user id instead of the object GUID. 

Because if AD team created a new account with a new GUID, but username is same, based on the coalesce, transform map will try to create a new user account in servicenow. But it will fail to do so, because an account with same user name already exists. User name is the unique key in User table.

 

2) You should rename the user account after an account is terminated. for ex, we rename our user accounts to username$todays date. So that, when a new account is created with the same username, there is no clash and transform map can create the account successfully.


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
Community Alums
Not applicable

‎04-24-2018 11:14 AM

Sanjiv, that makes sense. I just checked the user id field and it is unique.

So, I should do both #1 and #2?

While deactivating the user profile, we can append the date with user id using a business rule right?

0 Helpfuls

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Community Alums

‎04-24-2018 11:32 AM

Yes. I would prefer option 2.

Because you will not have to make any changes to the integration, such as the coalesce field which has high impact. Also renaming the user should be fine since the coalesce is on GUID. So even if the user was deactivated by mistake, it will get activated based on the GUID and the correct username will repear. 

 

BR can be 

Condition: Active Changes to False

 

Script

var gdt = new GlideDateTime();

current.user_name = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+current.user_name;

 

For existing records, you may need to rename them manually


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
Community Alums
Not applicable
In response to SanjivMeher

‎04-26-2018 09:39 AM

I updated the deactivated user accounts with the date.  But every time the LDAP feed comes in, it is updating the user_name back to the original. What is the best approach to solve this. Why the deactivated accounts need to be updated in every ldap refresh? should I talk to AD team about this?

0 Helpfuls

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Community Alums

‎04-26-2018 02:32 PM

Ok. A better approach would be, use below code in the transform map to the existing onBefore business rule.

var gdt = new GlideDateTime();

target.user_name = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+source.u_samaccountname;

source.u_samaccountname = '$'+gdt.getDayOfMonth()+gdt.getMonth()+gdt.getYear()+'_'+source.u_samaccountname;

 

Add above lines to line no 13

 

find_real_file.png

 

If we dont want to update user record which is already inactive, we can use the below code in the onBefore Business rule in the transform map.

 

var userRec = new GlideRecord('sys_user');

userRec.addQuery('user_name',source.u_samaccountname);

userRec.query();

 

if (userRec.next() && userRec.active!='true')

{

ignore=true;

}

 

 


Please mark this response as correct or helpful if it assisted you with your question.
Preview file
58 KB
0 Helpfuls