‎04-23-2018 01:35 PM
Not sure if I picked the right topic/forum on top. But, I have this question.
Some employees return back to company. Their old account was deactivated years back. Then, they get a new AD account when they return back. So, they have a new user profile now. In that case, the old account stays deactivated in the user table and the new account does not come into ServiceNow with an LDAP feed. So, I had to delete the deactivated/old account and execute LDAP refresh. Then, I see the new account in ServiceNow.
Is deleting the old account the right method?
Why does the new account not come into ServiceNow without deleting the old one?
Thanks,
Rajini
‎04-24-2018 10:04 AM
Ok. I think I understand the issue now.
You have two options
1) You should set the coalesce on user id instead of the object GUID.
Because if the AD team created a new account with a new GUID, but the username is the same, based on the coalesce, the transform map will try to create a new user account in ServiceNow. But it will fail to do so, because an account with the same user name already exists. User name is the unique key in the User table.
2) You should rename the user account after an account is terminated. For example, we rename our user accounts to username$todays date. So that, when a new account is created with the same username, there is no clash and the transform map can create the account successfully.
Please mark this response as correct or helpful if it assisted you with your question.
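
As an added illustration (not part of the reply above and not ServiceNow's own code), this JavaScript toy model replays the clash described in this answer and both suggested options. The user name `jdoe`, the date format and the rule that a coalesce match reactivates the record are assumptions; the two GUIDs are the ones quoted elsewhere in this thread.

```javascript
// Toy model of a transform map loading LDAP rows into a user table.
// Assumptions (hypothetical, not ServiceNow code): the table enforces a
// unique user_name, and the coalesce field decides update versus insert.
function importRow(table, row, coalesceField) {
  const match = table.find(r => r[coalesceField] === row[coalesceField]);
  if (match) {
    // Coalesce hit: the existing record is updated (assumed to reactivate it).
    Object.assign(match, row, { active: true });
    return { action: 'update', record: match };
  }
  if (table.some(r => r.user_name === row.user_name)) {
    // Coalesce miss, but the unique key on user_name blocks the insert.
    return { action: 'error', reason: 'duplicate user_name' };
  }
  const record = Object.assign({ active: true }, row);
  table.push(record);
  return { action: 'insert', record };
}

// Option 2: rename the account when it is terminated (date format assumed).
function terminate(table, userName, dateStamp) {
  const rec = table.find(r => r.user_name === userName);
  rec.active = false;
  rec.user_name = userName + '$' + dateStamp;
  return rec;
}

// Constructed sample data: one deactivated record for the returning employee.
function oldTable() {
  return [{ user_name: 'jdoe', object_guid: 'Cpak6fxu4UiCTdv+Q+9yMQ==', active: false }];
}
const rehire = { user_name: 'jdoe', object_guid: 'DZns1HynwEC11aM3/3Ci3A==' };

function scenarios() {
  // Current setup: coalesce on the GUID, old record still holds the user name.
  const asIs = importRow(oldTable(), rehire, 'object_guid');
  // Option 1: coalesce on user name, so the old record is matched and updated.
  const t1 = oldTable();
  const byName = importRow(t1, rehire, 'user_name');
  // Option 2: old record renamed at termination, so the insert succeeds.
  const t2 = oldTable();
  terminate(t2, 'jdoe', '2018-04-24');
  const renamed = importRow(t2, rehire, 'object_guid');
  return { asIs, byName, byNameCount: t1.length, renamed, renamedCount: t2.length };
}
console.log(scenarios());
```

In this model option 1 leaves a single record that now carries the new GUID, while option 2 keeps the old record as a separate, inactive entry next to the new one.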
‎04-23-2018 01:57 PM
I think it is due to the Coalesce set on the sAMAccountName or ObjectGUID field. If the AD team is trying to add the same sAMAccountName for that user which is already existing on the old acc, then probably ServiceNow doesn't accept it because it understands it as a duplicate account and especially that field is set to Coalesce 'true'. This might be the reason I can think of. Not sure on which field you have a coalesce set to true.
Please hit correct based on impact of response.
Thanks
‎04-23-2018 02:32 PM
Yes I see a coalesce on ObjectGUID field. But the ObjectGUID field had a different value in the old account and new account.
Example:
new account's ObjectGUID: DZns1HynwEC11aM3/3Ci3A==
old account's ObjectGUID: Cpak6fxu4UiCTdv+Q+9yMQ==
So, what should I do now? What should I convey to the AD team?
‎04-23-2018 04:32 PM
Is that the coalesce for the transform map between ldap_import and sys_user table?
Can you also check if you have a business rule in your transform map which is restricting any update to an account which is already inactive? Perhaps that's the reason the existing account doesn't get activated.
Please mark this response as correct or helpful if it assisted you with your question.
‎04-24-2018 07:22 AM