Name change preventing access to old requests

[Stuart Torres-Catmur]

Hi

One of our staff has changed name.  This means she has a new Active Directory account and through LDAP provisioning, a new Service Manager.  How does she access requests she logged prior to her name change? (i.e. logged under her old user name

[Steven Boardman]

Hi @Stuart Torres-Catmur 

If you have created in effect a duplicate account for the user in Service Manager - i.e the old AD account and now their new AD account. Then when logged in via the new account they will only be able to view requests logged against the new user account.  

In Service Manager terms these will be seen as two different users and as such not allow visibility of one and another requests on the customer portal.

If you find yourself in this situation one thing you could do (as an analyst) is a search on the request list / view for all their requests under their old customer name (Account) and then use the Change Customer option in the requests to set them to the new account - once you have done this you could then set the customer's old account to Archived (not deleted)

Is it an option when users on AD need a name change, that their AD account are renamed rather than replaced, so any synchs to solutions  through LDAP provisioning are not broken and their unique identifer are not changed?  I am no AD administrator so feel free to shoot that approach down   

Steve

[nasimg]

@Steven Boardman

The change customer option is something I would like to see under the "multiple actions" - or you have to do this one at a time. This is not good if the customer has lots of requests under the old name.

At the moment I only change the names if the customer wants it - but I would prefer to change them with every name change.

Nasim

[Steve Giller]

We used to get around this in Supportworks by having the sID as the userID, as this does not change unless you completely remove the AD account and replace it with a new one.

I'm not sure that's possible, or if it is, whether it's practical in Service Manager.

[Dan Munns]

We have this issue also, whereby we have a name change request, change the name in AD and the LDAP creates a completely new account for the user.

12 hours ago, Steven Boardman said:

Is it an option when users on AD need a name change, that their AD account are renamed rather than replaced, so any synchs to solutions  through LDAP provisioning are not broken and their unique identifer are not changed?  I am no AD administrator so feel free to shoot that approach down   

The issue is when the name changes the sAMAccountName also changes 

 Is there not a way of utilising the SID from AD (which is created on account creation and stays the same during name changes etc) 

[Dan Munns]

@DeadMeatGF lol. Guess that's what happens when I type a post, get distracted for an hour and then just hit post.....

26 minutes ago, DeadMeatGF said:

We used to get around this in Supportworks by having the sID as the userID

[Steve Giller]

13 minutes ago, Dan Munns said:

@DeadMeatGF lol. Guess that's what happens when I type a post, get distracted for an hour and then just hit post.....

[Steven Boardman]

@nasimg @Stuart Torres-Catmur I have raised a request for the Change Customer action to be added to the multi-select options on the request list, so making the dealing with this scenario a little easier to administer when you have the name changes. 

As i understand it the LDAP provisioning utility will allow you to use any AD Attribute as the unique identifier including SID, but this may not have been the chosen attribute for most, as this value is then the customer ID in Hornbill, and this may not have been a meaningful value compared to the SAMAccountName when the Customer ID is displayed in the Hornbill UI in various places.

We are looking at improvements in this area too, but i would NOT suggest changing your LDAP Provisioning mapping at this stage to use the SID as existing customers, as this will result in new Duplicate Hornbill User Accounts being created in Hornbill for all your users.

We will post back here once the multi-select change action is scheduled to be available. 

[Dan Munns]

@Steven Boardman if you could add a sID type field to the user accounts that we could add a unique id to from LDAP that would be the ideal solution, as then the Hornbill user accounts could follow the same rules of the sID would have to be changed to have a new user created. As the sID would never change we could change other variables (name and email address) and still have all tickets linked to the correct user. 

As you say the sID is not usable for the user ID as the sID is made up of 28 bytes (if I remember correctly, I believe the 'friendly' format may vary in actual character length) 

GUIDs are shorter (16 bytes I think) but both can be pulled from AD with LDAP.

[Stuart Torres-Catmur]

Thanks for all the comments and work in progress.