1 Reply Latest reply on Sep 19, 2016 11:37 AM by Senta

    End User Import - Changes to Department/Customer

    talljed Apprentice

      Hi,

       

      What is the best way to manage users and changes to their group memberships? I have noticed that some of our users who are being imported through an Active Directory connection have multiple Department groups. This appears to be happening if the user changes his dept on AD, landesk just adds an extra group. Is there an automated method to managing this?

       

      Thanks

        • 1. Re: End User Import - Changes to Department/Customer
          Senta SupportEmployee

          Hello Talljed,

           

          I make a few assumptions, let me know if some of them are wrong:

          1) AD groups are linked (maybe by name) to an SD group

          2) all AD groups are linked with SD groups before any linking between user and groups are done in SD (otherwise, SD would not be able to link users to groups)

           

          Now let us dig a bit deeper into the groups in SD.

          Every user can be a member of one or more groups in SD, which is represented by a Groups collection on the User Object.

          The user can (in web access not in Self Service) change their current group out of the groups in this collection.

          SD can only add Objects to a collection and not delete them. Therefore a user who changes groups in AD will hold these two linked SD groups (old and new) in their collection.

          -> So far the explanation why this is happening.

          You can set during import the current group of the user by adding this to the import mapping, but - as the groups are still in the user's collection - they can switch between them.

          -> The solution

          Could be a trigger on the database to delete all the groups from the users, should the group not be the current group.

          Triggers can be tricky and need to be checked thoroughly to ensure that they are fit for purpose in your environment.

          We, therefore, cannot give you any ready made trigger here.

          Please seek assistance from your DBA or our Professional Services Consultants to set such a trigger up.