/build/static/layout/Breadcrumb_cap_w.png

How to stop KACE from creating duplicate users from AD sync when name changes

We have had a few staff members get married and need their name changed. We make the edits in AD and I believed that KACE would update accordingly. Instead, it just creates a new user with the new last name. How can KACE be set up to update the existing user instead of making a new one?


Asked 6 years ago 1637 views
0 Comments   [ + ] Show comments

Answers (1)

Posted by: Channeler 6 years ago
Red Belt
0
Kace uses a database for users.

Each entry will have attributes such as Name, last name, email, samaacountname, telephone etc. 

One of those attributes needs to be the Primary Key, that means the unique value, this is a string that is unique to a person, let's say ID or sometimes email is a good Primary Key. 

The kbox does not sync with AD FYI, the kbox will just import new users and update values. 

So depending who you guys configured your Ldap imports... The kbox will update or create new entries based on the primary key. 

If email is your Primary Key and your email changes because you are now married.... The Kbox will say you are a new user. 

The Primary Key, when picking an attribute you gotta be careful, make sure is indeed unique and will not change. 
Comments:
  • I cannot find where to set a primary key in the LDAP settings in KACE. Where is that? - jessburd 6 years ago
    • Cheking the attributes mapping from your current LDAP import schedule (the one with the bell In LDAP authentication). You might have more than one depending on scope and roles

      Anyway, there, step 2 o 3, is "Define mapping between User attributes and LDAP attributes"

      Post a picture of your current mapping. - Channeler 6 years ago
      • I put the picture in the origianl question as I have not figured out how to post an image as a reply or comment. - jessburd 6 years ago
    • OK i see your screenshot... so...

      Why is it Primary Email mapped to the attribute "userprincipalname" ?

      Primary Email is part of the Primary key, this explains why you are creating new users instead of updating existing ones, every-time a user import from LDAP happens.

      Primary email should be mapped to the AD attribute named "mail"

      See:
      https://www.photobox.co.uk/my/photo/full?photo_id=500656816631 - Channeler 6 years ago
      • To be honest, this was set up prior to my hire and I have not reviewed it before now. I will review this and see what is the best course of action. My concern now is that changing it will cause everyone to be duplicated. Meaning there would be a lot of cleanup if I have to go in and change tickets, inventory, and devices.
        I was not able to view the image that your linked in the post above. - jessburd 6 years ago

Posted by:

jessburd Purple Belt
Ninja since: 6 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ