Hi Jan,
AD Import matches existing users first by their GUIDs (actually ‘objectGuid’ attribute values) and then by their names. The only prerequisite for it to behave correctly is that the (Kentico) user GUID matches the domain object GUID.
So if the user was initially imported from AD Import, it should be matched. On the other hand, if the user was created manually, it won’t be found by AD Import as an existing object. This could lead to “recreation” of the user.
I tried to change the sAMAccountName attribute and the user was modified successfully. Which attributes have changed in AD? How was the user created (AD Import, manually, Windows/mixed-mode authentication)?