What is the best way to sync accounts with AD? Currently using AD sysID (AD sid) to sync

Priyankamahajan · ‎02-20-2024

Sumanth16 · ‎02-20-2024

Hi @Priyankamahajan ,

Please refer to below article:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0820149

If I could help you with your Query then, please hit the Thumb Icon and mark it as Correct !!

Thanks & Regards,

Sumanth Meda

AshishKM · ‎02-20-2024

Hi @Priyankamahajan,

ServiceNow and AD sync, you must be using LDAP Server configuration.

Regarding the unique user data, if you are using any primary/or/unique from AD then user table must have that key, the risk part, if some one change/or/update any de-active AD account and trying to use same for new user then, ServiceNow will also update (if condition matched ) the old record with new user profile, which will reflect in all old records. So to avoid this, add one more field in transform map ( like employee number ) with coalesc true.

-Thanks,

AshishKM

Please mark this response as correct and helpful if it helps you can mark more that one reply as accepted solution

Priyankamahajan · ‎02-22-2024

Thanks Ashish for your inputs, the question now is as we are using AD Sid, how can we get those AD sids in Service now?

AshishKM · ‎02-22-2024

Check the User [sys_user ] table, if there is some custom column for AD sid, If not, then which column is considered for primary/or/unique and which column is mapped in LDAP transform map as coalesc true.

You need to create new column for AD sid in sys_user table and map them in LDAP Data Source Transform Map. ( If you need to store this )

Check the current transform map first and share the details on coalesc column ( source & target both )

Please mark this response as correct and helpful if it helps you can mark more that one reply as accepted solution