Duplicate user records due to UPN change in AD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2014 05:58 AM
Users are imported through LDAP, we have coalesced on UPN (User Principal Name). We are now migrating other AD domains into one and the UPN and Sam Account Name are changing for users, thus creating a new user record in Service Now for the same user. How do we replace existing user record in Service Now with new user information from LDAP (no shared unique value between old LDAP info. and new). Also, is there a way to bring work history from old user record to new user profile?
- Labels:
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-01-2014 05:12 PM
I think that you should use objectGuid or objectSid instead UPN.
If you use one of these attributes, ServiceNow would upgrade existing profile instead to create new profile. We have the same problem. We use sammmacountname and when user changes the name, ServiceNow creates new profile. Objectguid is unique value for that profile.
We have learned that objectguid is the unique filed for users in two domains if you import them from one to another. ObjectSid would be different, but in the new domain users' sidHistory would have all objectSid related to the profile
I do not know (even cannot guess) the answer for the last question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-01-2014 05:28 PM
I agree with Vladimir, objectGUID is good field to coalesce on. For your exisiting users, add the objectGUID field to the existing LDAP USer transform map but keep the UPN as your coalesce field. After a full LDAP refresh, update your transform map to coalesce from the UPN to your objectGUID field.
I'm not sure what you mean by bringing over work history. If you don't delete and reload, then the coalese steps above should preserve historical activity. Can you elaborate on work history?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2014 06:28 AM
Hi Rhonda,
If I understood correctly - work history is requests / incidents / CIs assigned to the user as well as comments / updates (history entries) made by user.
You can run a background script and replace old account with new for requests / incidents / CIs.
As for comments and history entries, I'm not sure this is 100% safe way.
In any case, best way would be to deactivate new duplicated account ASAP and update+reactivate old account.
Hope this helps.
Regards,
Kyryl
