Username changes and "duplication"

KB15 · ‎09-08-2016

The issue I'm describing is mostly from poor business policy but I won't get into the politics of it. I know it's bad practice.

We have a policy to allow usernames to be changed in AD. They use user ID markers to identify them as consultant or a FTE. When a conversion occurs, they change the user ID. This causes issues in ServiceNow because whenever the username is changed in AD, a new account is created in ServiceNow for the same person. What I'm looking for are for any solutions that would prevent this on the ServiceNow side. I've thought about coalescing on email address as well however that address may change in certain situations (like marriages and divorces). We're currently coalescing on user ID. This also occurs when a username is misspelled.

Any ideas that could prevent this from the SN side other than policy changes?

KB15 · ‎10-07-2016

I'm answering my own question if anyone else needs a straight forward solution.

It seems that the addition of GUID information via LDAP is the way to go. This is unique to each user regardless of the information displayed in any of the standard fields. Normally this wouldn't be an issue however because of our lack of policy around User ID changes, this is necessary.

As for added enforcement, a business rule was added to prevent the insertion of the same user ID in the case anyone decides to manually add a user account in ServiceNow.

Cleanup of duplicate users was still necessary however from the point you coalesce on the GUID, you won't run into issues with ID changes.

View solution in original post

sourabhd87 · ‎09-08-2016

In that case you can first check first for User id and then for email as chances of changing both at the same time as very less.

I cannot think of any other alternative.

Kind regards,

Sourabh D

jake_mckenna · ‎09-08-2016

If you have to help ServiceNow work around this you are going to need to change some field mappings to work around this. First i would create a new field mapping that is script based and mapping to sys_id. What you are going to want to do is multiple function calls that try to pass back a sys_id to the field mapping and check a few key attributes each time.

1. check against User_id

2. check against email

3. check against first and last name?

if you do not get a positive result by the end we would want to pass in -1 to the field mapping. This is the key to indicate this is truly a new record to the best of our knowledge.

Good Luck!

KB15 · ‎09-21-2016

I've been given a tip to use GUIDs from LDAP. This will probably be the easiest option, at least, on paper. It wouldn't necessarily merge existing "duplicates" but it should mitigate any duplicates ServiceNow imports due to a name change.

I'll post more information as this gets tested if anyone else has a policy that allows for user ID changes.

KB15 · ‎10-07-2016

I'm answering my own question if anyone else needs a straight forward solution.

It seems that the addition of GUID information via LDAP is the way to go. This is unique to each user regardless of the information displayed in any of the standard fields. Normally this wouldn't be an issue however because of our lack of policy around User ID changes, this is necessary.

As for added enforcement, a business rule was added to prevent the insertion of the same user ID in the case anyone decides to manually add a user account in ServiceNow.

Cleanup of duplicate users was still necessary however from the point you coalesce on the GUID, you won't run into issues with ID changes.

GB14 · ‎12-08-2021

Hello KB, We have kind of the same scenario. When a username is misspelled and corrected in AD, 2 accounts with different usernames get created.

Would you be able to share some more information? What table I am creating the table on?

Thanks,
GB