How to edit Active Directory source

Version 6

    Verified Product Versions

    Endpoint Manager 9.6
    Endpoint Manager 2016.x

    Problem:

    Our Active Directory source has changed; the existing LDAP path pointing to our DC has been decommissioned. When I edit the path it creates a new entry. I cannot remove the decommissioned path since there are users added from AD, and I cannot add the same users in the new path because it already has users from the non-existing path.

    Solution:

    You need to move every user that is currently using the old LDAP connection, as defined by the IDN of the old LDAP, to the new connection, as defined by the IDN of the new LDAP.

    1. Locate the APM_LDAP_SERVER table in your LDMS Database and note the APM_LDAP_SERVER_IDN of your current LDAP connection. Let's say that it is "1".


    2. Create the new LDAP connection. DO NOT delete the old one yet.

    3. Now go back to your database, to the APM_LDAP_SERVER table, and note the APM_LDAP_SERVER_IDN of your new LDAP connection. Let's say it is "2".


    ***Make sure you back up the database before you proceed to the next step.***

    4. Now execute the following SQL statement:

     

        update ConsoleUser set APM_LDAP_SERVER_IDN = '2' where APM_LDAP_SERVER_IDN = '1'

     

    **Change out the values of 1 & 2 to your LDAP values gathered in steps 1 and 3 above.**

     

    5. This will move all of your users and all of their settings to your new LDAP connection.

     

     

    6. The following statements will change the LDAP queries as well:

     

         update apm_policy_query set ldap_server_dbid = '2' where ldap_server_dbid = '1'

         update apm_policy_query set queryroot = 'newLDAPname' where queryroot = 'oldLDAPname'

     

    **Change out the 1 & 2 for the corresponding values gathered in steps 1 and 3 above, and replace the "oldLDAPname" and "newLDAPname" with the correct values.**

     

    7. Check the ld_ldap_targets table in your DB for any entries whose ldap_source_Idn column values match the values from the ConsoleUser table; you will also need to run the following statement:

     

         update ld_ldap_targets set ldap_source_Idn = '2' where ldap_source_Idn = '1'

     

    **Change out the values of 1 & 2 to your LDAP values gathered in steps 1 and 3 above.**

     

    8. Running this will go pretty quickly. It will depend on the number of users that you have in your DB. Running it after hours is probably not necessary, but is a good idea if you can wait.
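
Steps 4, 6 and 7 can be run as one all-or-nothing change so that a failure part-way through does not leave some tables pointing at the old connection. The script below is an added example, not part of the original article or the product. It assumes Microsoft SQL Server (T-SQL), and the variable names, the placeholder values and the VARCHAR/NVARCHAR variable types are assumptions; the table and column names are the ones used in the steps above.

```sql
-- Added example (T-SQL; SQL Server assumed). Values below are placeholders:
-- substitute the IDNs from steps 1 and 3 and the names from step 6.
SET XACT_ABORT ON;  -- a runtime error in any statement rolls everything back

DECLARE @OldIdn  VARCHAR(20)   = '1';             -- old APM_LDAP_SERVER_IDN (step 1)
DECLARE @NewIdn  VARCHAR(20)   = '2';             -- new APM_LDAP_SERVER_IDN (step 3)
DECLARE @OldRoot NVARCHAR(255) = N'oldLDAPname';  -- old queryroot value (step 6)
DECLARE @NewRoot NVARCHAR(255) = N'newLDAPname';  -- new queryroot value (step 6)
DECLARE @Users INT, @Queries INT, @Roots INT, @Targets INT;

-- Stop before touching anything unless both connections exist and differ
-- (the old connection must not have been deleted yet, per step 2).
IF @OldIdn = @NewIdn
   OR NOT EXISTS (SELECT 1 FROM APM_LDAP_SERVER WHERE APM_LDAP_SERVER_IDN = @OldIdn)
   OR NOT EXISTS (SELECT 1 FROM APM_LDAP_SERVER WHERE APM_LDAP_SERVER_IDN = @NewIdn)
BEGIN
    RAISERROR('Old/new LDAP IDN missing from APM_LDAP_SERVER, or identical.', 16, 1);
    RETURN;
END;

BEGIN TRY
    BEGIN TRANSACTION;

    -- Step 4: move console users and their settings to the new connection.
    UPDATE ConsoleUser SET APM_LDAP_SERVER_IDN = @NewIdn
     WHERE APM_LDAP_SERVER_IDN = @OldIdn;
    SET @Users = @@ROWCOUNT;

    -- Step 6: repoint the LDAP queries, then rename their query root.
    UPDATE apm_policy_query SET ldap_server_dbid = @NewIdn
     WHERE ldap_server_dbid = @OldIdn;
    SET @Queries = @@ROWCOUNT;
    UPDATE apm_policy_query SET queryroot = @NewRoot
     WHERE queryroot = @OldRoot;
    SET @Roots = @@ROWCOUNT;

    -- Step 7: repoint LDAP targets.
    UPDATE ld_ldap_targets SET ldap_source_Idn = @NewIdn
     WHERE ldap_source_Idn = @OldIdn;
    SET @Targets = @@ROWCOUNT;

    COMMIT TRANSACTION;

    -- Rows changed per step, to compare against what you expected to move.
    SELECT @Users AS console_users, @Queries AS policy_queries,
           @Roots AS query_roots, @Targets AS ldap_targets;
END TRY
BEGIN CATCH
    IF @@TRANCOUNT > 0 ROLLBACK TRANSACTION;
    THROW;  -- re-raise the original error after undoing all four updates
END CATCH;
```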