Not sure how the user accounts should work when the employee returns back to the company?

Community Alums
Not applicable

Not sure if I picked the right topic/forum on top. But, I have this question.

Some employees return to the company. Their old account was deactivated years back. Then, they get a new AD account when they return. So, they have a new user profile now. In that case, the old account stays deactivated in the user table and the new account does not come into ServiceNow with an LDAP feed. So, I had to delete the deactivated/old account and execute an LDAP refresh. Then, I see the new account in ServiceNow.

Is deleting the old account the right method?

Why does the new account not come into ServiceNow without deleting the old one?

Thanks,

Rajini

1 ACCEPTED SOLUTION

Ok. I think I understand the issue now.

You have two options

1) You should set the coalesce on user id instead of the object GUID.

Because if the AD team created a new account with a new GUID, but the username is the same, then based on the coalesce, the transform map will try to create a new user account in ServiceNow. But it will fail to do so, because an account with the same user name already exists. User name is the unique key in the User table.

2) You should rename the user account after an account is terminated. For example, we rename our user accounts to username$todays date, so that when a new account is created with the same username, there is no clash and the transform map can create the account successfully.


Please mark this response as correct or helpful if it assisted you with your question.

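The two options in the accepted answer, modelled in plain JavaScript as an added example (not part of the original thread and not ServiceNow API code). The `object_guid` field name, the `rsmith` user, the GUID strings and the date are constructed; the model assumes `user_name` is a unique key, as the answer states.

```javascript
// Plain-JavaScript model of a coalescing import; not ServiceNow API code.
// The object_guid field name and all sample rows are constructed.
function makeUserTable(rows) {
  return { rows: rows.map(r => ({ ...r })), nextId: rows.length + 1 };
}

// Import one source row, matching existing records on `coalesceField`.
// user_name is treated as a unique key, as the answer above describes.
function importRow(table, src, coalesceField) {
  const match = table.rows.find(r => r[coalesceField] === src[coalesceField]);
  if (match) {
    Object.assign(match, src);          // coalesce hit: update in place
    return { action: 'updated', sys_id: match.sys_id };
  }
  if (table.rows.some(r => r.user_name === src.user_name)) {
    return { action: 'rejected', reason: 'duplicate user_name' };
  }
  const rec = { sys_id: 'u' + table.nextId++, ...src };
  table.rows.push(rec);
  return { action: 'inserted', sys_id: rec.sys_id };
}

// Option 2 from the answer: rename on termination to username$date.
function retire(table, userName, date) {
  const rec = table.rows.find(r => r.user_name === userName);
  rec.active = false;
  rec.user_name = userName + '$' + date;
  return rec.user_name;
}

const oldRecord = { sys_id: 'u1', user_name: 'rsmith', object_guid: 'GUID-OLD', active: false };
const rehire = { user_name: 'rsmith', object_guid: 'GUID-NEW', active: true };

function scenarios() {
  const a = makeUserTable([oldRecord]);
  const b = makeUserTable([oldRecord]);
  const c = makeUserTable([{ ...oldRecord, active: true }]);
  retire(c, 'rsmith', '2019-03-01');
  return {
    guidCoalesce: importRow(a, rehire, 'object_guid'),    // the thread's symptom
    nameCoalesce: importRow(b, rehire, 'user_name'),      // option 1
    renamedThenGuid: importRow(c, rehire, 'object_guid'), // option 2
    tables: { a, b, c },
  };
}

console.log(JSON.stringify(scenarios(), null, 2));
```

In this model, option 1 updates the old record in place, so the returning employee keeps the old `sys_id` and whatever is attached to it, while option 2 leaves the retired record untouched and creates a separate one.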

10 REPLIES

Nitin_NOW
Tera Guru

I think it is due to the coalesce set on the sAMAccountName or ObjectGUID field. If the AD team is trying to add the same sAMAccountName for that user which already exists on the old account, then probably ServiceNow doesn't accept it because it treats it as a duplicate account, especially as that field is set to coalesce 'true'. This might be the reason I can think of. Not sure on which field you have coalesce set to true.

Please hit correct based on impact of response.

Thanks

Community Alums
Not applicable

Yes I see a coalesce on ObjectGUID field. But the ObjectGUID field had a different value in the old account and new account.

Example:

new account's ObjectGUID: DZns1HynwEC11aM3/3Ci3A==
old account's ObjectGUID: Cpak6fxu4UiCTdv+Q+9yMQ==

So, what should I do now? What should I convey to the AD team?

Is that the coalesce for the transform map between ldap_import and sys_user table?

Can you also check whether you have a business rule in your transform map which is restricting any update to an account which is already inactive? Perhaps that's the reason the existing account doesn't get activated.


Please mark this response as correct or helpful if it assisted you with your question.

Community Alums
Not applicable

Yes, there is a coalesce for the transform map between the LDAP import and the user table.

I see 3 transform scripts,
