Duplicate users created with LDAP integration

Not applicable

I am encountering an issue with our LDAP configuration. I have followed all the documentation provided on the Wiki, but something is not working. We are connecting to Active Directory hosted on a Win 2K3 server.

The test connection works to the server.
The Test Data Load works.
The authentication through the LDAP server also works. However, every time a user tries to authenticate (successfully or failed) the system creates a new user record.
I have also noticed that if the listener picks up a change from AD, it creates a new record instead of updating the existing user record.

Any help would be appreciated.


Kiwipedro
Mega Contributor

Hi Ian,

Check your transform map. Do you have a key field you are coalescing on? You need to do this, otherwise it will just keep creating new users.

Suggest you use objectGUID from AD as that is immutable over the life of your AD object. Create a new string field on your sys_user table called "ADobjectGUID", set up a transform from objectGUID to ADobjectGUID and choose coalesce.

Thanks
Peter T


dsmit
Kilo Contributor


Kiwipedro


Peter, are you saying that this should work for all AD records that one wishes to import? I also notice that more data comes across when we perform a lookup from within service-now into the LDAP server and I wanted to know what you may suggest for capturing this data? I can bring some of the fields into the user record within service-now, but there are some fields that I try to bring in and they do not come across, such as manager and employee ID, any suggestions?


Kiwipedro
Mega Contributor

In answer to your query:


"Peter are you saying that this should work for all AD records that one wishes to import?"


Yes, all AD objects have GUIDs, although it will only be user objects that you are interested in importing.


"I also notice that more data comes across when we perform a lookup from within service-now into the LDAP server and OI wanted to know what you may suggest for capturing this data?"


If you are referring to the LDAP Browser, then you will be viewing all of the populated fields in all of the AD objects that are defined by your filter. This is normal for an LDAP Browser utility: you are really just testing to make sure that your filter is working properly. You can limit the attributes returned if you so wish.


"I can bring some of the fields into the user record within service-now, but there are some fields that I try to bring in and they do not come across, such as manager and employee ID, any suggestions?"


Not sure what to suggest here, as there could be multiple reasons why this is not behaving the way you expect it:

1. Check your transform map - make sure that you have the correct field name in AD matching up to the appropriate field in the sys_user table

2. Check which fields are coalescing: you should only have one

3. Check the source field on a user record (you will have to change the form layout to make it visible). If the object has come from AD it will have a properly formed distinguished name - e.g. dn:CN=Joe Bloggs,OU=users,DC=mycompany,DC=com. Check that carefully against what is in your AD and make sure it matches. I had an issue where the DN was too long for the source field because the users were nested under a lot of OUs. In that case you can adjust the length of the source field in the dictionary.

4. If you are using "Active Directory User and Computers" then the employee ID is not visible by default (in 2003 at least). You have to mess with the .dll to make it so. So make sure (you can use the LDAP browser, ADSIedit or PowerShell etc) that the field that holds the employee ID is the one you are expecting and check that it is populated in AD.

5. The Manager is a DN field in AD - is it the case that you are seeing the DN? In order for the field to match up to another user record in sys_user you need to make sure you run a transform script.


Thanks
Peter
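The coalesce behaviour Peter describes, together with the manager DN lookup from point 5, as an added example that is not part of the original thread: a plain JavaScript model of the import, not ServiceNow's own transform map or GlideRecord API. The field names ADobjectGUID and source follow the replies; the AD rows are constructed sample data, and objectGUID is assumed to arrive already rendered as a string.

```javascript
// Constructed sample rows as the data load or listener might deliver them.
// The third row is the same person as the second after an OU move: the DN
// changed, the objectGUID did not.
const AD_ROWS = [
  { objectGUID: "guid-0001", dn: "CN=Joe Bloggs,OU=users,DC=mycompany,DC=com",
    sAMAccountName: "jbloggs", manager: "" },
  { objectGUID: "guid-0002", dn: "CN=Ann Lee,OU=users,DC=mycompany,DC=com",
    sAMAccountName: "alee", manager: "CN=Joe Bloggs,OU=users,DC=mycompany,DC=com" },
  { objectGUID: "guid-0002", dn: "CN=Ann Lee,OU=staff,DC=mycompany,DC=com",
    sAMAccountName: "alee", manager: "CN=Joe Bloggs,OU=users,DC=mycompany,DC=com" },
];

// Field mapping of the transform map: AD attribute -> sys_user column.
function toTarget(row) {
  return { ADobjectGUID: row.objectGUID, source: row.dn,
           user_name: row.sAMAccountName, managerDN: row.manager };
}

// Import rows into a sys_user-like table. coalesceField names the target
// column used to find an existing record; null reproduces the misconfiguration
// from the question (no coalesce), where every row becomes a new record.
function importUsers(rows, coalesceField) {
  const sysUser = [];
  let nextId = 1;
  for (const row of rows) {
    const mapped = toTarget(row);
    let rec = coalesceField
      ? sysUser.find(u => u[coalesceField] === mapped[coalesceField])
      : undefined;
    if (!rec) { rec = { sys_id: "sys" + nextId++ }; sysUser.push(rec); }
    Object.assign(rec, mapped); // update in place rather than insert
  }
  // Second pass, the job of the transform script in point 5: the AD manager
  // attribute is a DN, so resolve it to the sys_id of the user whose source
  // field holds that DN instead of storing the raw string.
  for (const rec of sysUser) {
    const mgr = sysUser.find(u => u.source === rec.managerDN);
    rec.manager = mgr ? mgr.sys_id : "";
  }
  return sysUser;
}
```

Coalescing on source (the DN) still duplicates Ann after her OU move, which is why the immutable objectGUID is the key to use; only the objectGUID run leaves two records with the moved DN updated on the existing one.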


Not applicable

Thanks for the quick answer. I was using printed documentation in LDAP Integration provided by a colleague of mine. I had assumed that the printout was everything from the wiki. Now I realize there was a lot more on the wiki than I had hard copies of.

Apologies, should have checked the wiki myself.