- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 01:29 AM
Hi Guys,
So basically as it says in the title we are going to be using around 18 AD servers to get user records but these are all for the same company so domain separation isn't really an option for us.
The reason we have so many AD servers is that each one is a franchise and we aren't allowed to merge the AD servers with our main one, we basically need some way to be able to import the AD records from the 18 servers into one service now.
We were initially thinking of coalescing on the GUID with it being globally unique but i not sure if this would work as we would potentially still end up with some users having the same login name.
Any suggestions or help is very much appreciated.
Thanks
Ryan
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 02:53 AM
ahh.
I feel the user_name field will come into play I'm afraid. It is a unique index in Servicenow and when I did look to ask them to remove this and make objectGUID a unqiue index, it ended up with a long discussion with a developer who indicated it had the potential to break quite a lot by making user_name non unique.
After that I went down the prefix route.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 02:09 AM
We had the same here with a couple of domains (internal and external) and for name changes
We ended up with either a single account for a user who was on both domains or two accounts for the change of name.
While we could get objectGUID added and use it as a coalese field, we still had the problem of the user_name field being used.
In the end, we left all the users on the internal domain with their normal user_name - julian.poyntz
any user on the external domain were prefixed with the domain prefix - EXT\julian.poyntz
that sorted out the first problem
for people who get married, their old account is disabled and a new one is created- not totally ideal, but it works
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 02:25 AM
Thanks for the reply Julian, the prefixing may be an option but the thing is that the user accounts are for people who work in different companies that are owned by our parent company, we are basically awarded the contracts to run a franchise and then we have to support their IT, so they all have separate AD servers as we may lose the contract after a few years so we can't link them all into one AD.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 02:42 AM
Hi Ryan
our domain structure is setup as follows
- ad.abc.com
- ext.abc.com
- devint.abc.com
We use SSO as well
for our users they know that the need to enter ad\julian.poyntz (internal) or ext\julian.poyntz (external) if they ever get prompted to sign on - only if they are out of the office
are you using SSO or are the users login on as needed ?
Sounds like we are a similar set up - multi country, multi company (and their sub companies), various contracts which may come and go (or transfer to another internal company) and need seperation of data.
two different approaches
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 02:47 AM
HI Julian,
We aren't using SSO at the moment as we are only telephone based for the time being, we will be eventually moving to have the self-service portal available so they will need to be able to log in as needed we have some employees that share a desktop as we work in the rail industry and have people at booking offices that don't need a PC each.
we need everyones incidents to be in one place so that each of our reslover groups can see all the data for each franchise.
Thanks