How to Maintain Same sys_id for User Records Across Dev and Prod When Using Single AD Source?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Hi All,
We have a single Active Directory (AD) source that integrates with both our Dev and Prod instances to create user records. Currently, when the same user is synced to both environments, two different sys_id values are generated for the user record.
Is there a way to ensure that both Dev and Prod have the same sys_id for the same user?
- We want consistency for integrations and references across environments.
- The challenge is that sys_id is auto-generated when a record is created.
Regards,
Hrithika Paida
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Hi Buddy,
Unfortunately it’s not something you can really control with a standard AD integration.
Each ServiceNow instance generates its own sys_id values locally. So even if the same user is coming from the same Active Directory source, when that user is created separately in Dev and Prod, each instance will generate a different sys_id. There’s no supported way to force LDAP/AD to create users with the same sys_id across instances.
There are only a couple of scenarios where sys_ids can line up:
If users are created in one instance (usually Prod) and the data is cloned down to Dev/Test, the sys_ids are preserved.
If you manually move users using XML export/import, the sys_id is kept — but that’s not practical for ongoing sync.
Because of this, the recommended best practice is not to rely on sys_id across environments. Instead, integrations should use a stable identifier that’s the same everywhere, such as:
user_name
email
employee_number
AD objectGUID (stored on the user record)
That way, Dev and Prod can differ internally but still line up cleanly for integrations and references.
If keeping sys_ids aligned is absolutely critical, the only real option is to create/manage users in Prod and keep lower environments aligned via clones — but most teams avoid that and design integrations around a stable business key instead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Hi @Hrithikah
No, sys_id cannot be forced identical across Dev/Prod instances for AD-imported users. ServiceNow generates unique 32-character GUIDs per record creation, and there’s no supported configuration to override this for sys_user during LDAP/AD imports.
Solution workaround:
Reference by External ID (Recommended)
Transform Map → Coalesce Field: u_ad_guid (AD objectGUID)
// Script Include: UserLookup
var UserLookup = Class.create();
UserLookup.prototype = {
getUserByADGuid: function(adGuid) {
var user = new GlideRecord('sys_user');
user.addQuery('u_ad_guid', adGuid); // Your AD unique ID field
user.query();
if (user.next()) return user.sys_id;
}
};
->Integration Usage:
var adGuid = 'ad-user-unique-guid';
var snUserId = new UserLookup().getUserByADGuid(adGuid);
Thanks,
Shailendra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
@Hrithikah - Hopefully this solve your question
