What is the best way to sync accounts with AD? Currently using AD sysID (AD sid) to sync

Priyankamahajan
Tera Contributor
 

Sumanth16
Kilo Patron

Hi @Priyankamahajan,

Please refer to the article below:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0820149

If I could help you with your query, then please hit the Thumb icon and mark it as Correct!!

Thanks & Regards,

Sumanth Meda

AshishKM
Kilo Patron

Hi @Priyankamahajan

For ServiceNow and AD sync, you must be using the LDAP Server configuration.

Regarding the unique user data, if you are using any primary or unique key from AD, then the user table must have that key. The risk is that if someone changes or updates a deactivated AD account and tries to use the same one for a new user, ServiceNow will also update (if the condition matches) the old record with the new user profile, which will be reflected in all old records. To avoid this, add one more field in the transform map (like employee number) with coalesce set to true.

-Thanks,

AshishKM


Please mark this response as correct and helpful if it helps. You can mark more than one reply as an accepted solution.
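
The record-overwrite risk described in the reply above, as a small JavaScript model added here (it is not ServiceNow platform code and not part of the original thread). It assumes a source row updates an existing record only when every coalesce field matches; `u_ad_sid` is a hypothetical custom column, and all users, SIDs and incidents are constructed sample data.

```javascript
// Simplified model of transform-map coalesce matching (added example).
// Assumption: a row updates an existing target record only when ALL
// coalesce fields match; otherwise a new record is inserted.
function importRows(table, rows, coalesceFields) {
  const stats = { inserted: 0, updated: 0 };
  for (const row of rows) {
    const match = table.find((rec) =>
      coalesceFields.every((f) => rec[f] === row[f]));
    if (match) {
      Object.assign(match, row); // profile overwritten, sys_id kept
      stats.updated++;
    } else {
      table.push({ sys_id: "u" + (table.length + 1), ...row });
      stats.inserted++;
    }
  }
  return stats;
}

// Constructed data: a deactivated user still referenced by an old incident.
const SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"; // constructed
function seed() {
  return {
    users: [{ sys_id: "u1", u_ad_sid: SID, employee_number: "E100",
              name: "Old Leaver", active: false }],
    incidents: [{ number: "INC0001", caller: "u1" }],
  };
}

// Constructed LDAP row: the same AD account, repurposed for a new person.
const reusedRow = { u_ad_sid: SID, employee_number: "E200",
                    name: "New Hire", active: true };

// Resolve the caller shown on an incident through its sys_id reference.
function callerName(db, number) {
  const inc = db.incidents.find((i) => i.number === number);
  return db.users.find((u) => u.sys_id === inc.caller).name;
}

function demo(coalesceFields) {
  const db = seed();
  const stats = importRows(db.users, [reusedRow], coalesceFields);
  return { stats, users: db.users.length,
           oldIncidentCaller: callerName(db, "INC0001") };
}

console.log(demo(["u_ad_sid"]));                    // old record overwritten
console.log(demo(["u_ad_sid", "employee_number"])); // new record inserted
```

With the single key, the old incident now resolves to the new person; with the second coalesce field, the historical record keeps its original owner.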

Thanks, Ashish, for your inputs. The question now is: as we are using the AD SID, how can we get those AD SIDs in ServiceNow?

 

Check the User [sys_user] table to see if there is a custom column for the AD SID. If not, check which column is considered the primary or unique key and which column is mapped in the LDAP transform map with coalesce set to true.

You need to create a new column for the AD SID in the sys_user table and map it in the LDAP Data Source Transform Map (if you need to store this).

Check the current transform map first and share the details of the coalesce column (both source and target).

Please mark this response as correct and helpful if it helps. You can mark more than one reply as an accepted solution.