Jump to content

Name change preventing access to old requests


Recommended Posts

Hi @Stuart Torres-Catmur 

If you have created in effect a duplicate account for the user in Service Manager - i.e the old AD account and now their new AD account. Then when logged in via the new account they will only be able to view requests logged against the new user account.  

In Service Manager terms these will be seen as two different users and as such not allow visibility of one and another requests on the customer portal.

If you find yourself in this situation one thing you could do (as an analyst) is a search on the request list / view for all their requests under their old customer name (Account) and then use the Change Customer option in the requests to set them to the new account - once you have done this you could then set the customer's old account to Archived (not deleted)

Is it an option when users on AD need a name change, that their AD account are renamed rather than replaced, so any synchs to solutions  through LDAP provisioning are not broken and their unique identifer are not changed?  I am no AD administrator so feel free to shoot that approach down :)  

Steve

Link to comment
Share on other sites

@Steven Boardman

The change customer option is something I would like to see under the "multiple actions" - or you have to do this one at a time. This is not good if the customer has lots of requests under the old name.

At the moment I only change the names if the customer wants it - but I would prefer to change them with every name change.

Nasim

Link to comment
Share on other sites

We used to get around this in Supportworks by having the sID as the userID, as this does not change unless you completely remove the AD account and replace it with a new one.

I'm not sure that's possible, or if it is, whether it's practical in Service Manager.

Link to comment
Share on other sites

We have this issue also, whereby we have a name change request, change the name in AD and the LDAP creates a completely new account for the user.

12 hours ago, Steven Boardman said:

Is it an option when users on AD need a name change, that their AD account are renamed rather than replaced, so any synchs to solutions  through LDAP provisioning are not broken and their unique identifer are not changed?  I am no AD administrator so feel free to shoot that approach down :)  

The issue is when the name changes the sAMAccountName also changes 

 Is there not a way of utilising the SID from AD (which is created on account creation and stays the same during name changes etc) 

Link to comment
Share on other sites

@nasimg @Stuart Torres-Catmur I have raised a request for the Change Customer action to be added to the multi-select options on the request list, so making the dealing with this scenario a little easier to administer when you have the name changes. 

As i understand it the LDAP provisioning utility will allow you to use any AD Attribute as the unique identifier including SID, but this may not have been the chosen attribute for most, as this value is then the customer ID in Hornbill, and this may not have been a meaningful value compared to the SAMAccountName when the Customer ID is displayed in the Hornbill UI in various places.

We are looking at improvements in this area too, but i would NOT suggest changing your LDAP Provisioning mapping at this stage to use the SID as existing customers, as this will result in new Duplicate Hornbill User Accounts being created in Hornbill for all your users.

We will post back here once the multi-select change action is scheduled to be available. 

Link to comment
Share on other sites

@Steven Boardman if you could add a sID type field to the user accounts that we could add a unique id to from LDAP that would be the ideal solution, as then the Hornbill user accounts could follow the same rules of the sID would have to be changed to have a new user created. As the sID would never change we could change other variables (name and email address) and still have all tickets linked to the correct user. 

As you say the sID is not usable for the user ID as the sID is made up of 28 bytes (if I remember correctly, I believe the 'friendly' format may vary in actual character length) 

GUIDs are shorter (16 bytes I think) but both can be pulled from AD with LDAP.

Link to comment
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...