SGauvin Posted February 16, 2022 Posted February 16, 2022 I searched the forum and found this posting that indicates SURNAME is one of the attributes that is automatically updated as part of the sync process -> I have encountered a user who's Surname was changed in Active Directory and it is not reflected in PasswordState. I manually compared AD to PasswordState, and the Email Address got updated in PasswordState but not the Surname. I checked the setting in Administration -> System Settings -> Active Directory Options and didn't see anything specific for Surname. Is there a configuration setting somewhere that needs to be set to enable the Surname to be synced? I'm currently on version 9.3 (build 9300). Thanks...Scott
support Posted February 16, 2022 Posted February 16, 2022 Hello SGauvin, Sorry if that article is not clear. All those field names are synchronized when adding users into the system. We've also updated that forum post to reflect the information below. When they already exist, the following fields can be updated: Department Office Email Address User Principle Name Enabled/Disabled status Regards Click Studios
SGauvin Posted February 17, 2022 Author Posted February 17, 2022 Based on what you provided it can be assumed that Surname (and FirstName) do NOT automatically get updated. When I look at a User record ALL fields except UserID , FirstName and Surname are kept in sync with AD. Not updating UserID is logical as this is a unique identifier that should not change (if it changes then it is assumed it is a new user) What is the logic for not updating (syncing with AD) FirstName and Surname? Thanks...Scott
support Posted February 17, 2022 Posted February 17, 2022 Hi Scott, Our logic for not updating FirstName and Surname is that generally any time these would changes in AD, so would the sAMAccountName field - which is mapped to UserID in Passwordstate. And this UserID field is used heavily in encrypted fields for users. If the UserID field were to change, then you effectively need to import the "new" AD Account into Passwordstate, and then clone permissions on the screen Administration -> User Accounts. I hope this clarifies. Regards Click Studios
SGauvin Posted February 18, 2022 Author Posted February 18, 2022 I would consider changing the logic, so PasswordState only relies on the sAMAccountName field from AD to match / create a new user-account. Surname and FirstName should be handled independently, as not all organizations base their sAMAccountName on these fields. At our organization when a person gets married (or divorced) they can request a Surname change, but we don't generate a new sAMAccountName we simply update the Surname field. Same occurs if a person has a change in gender and their FirstName changes. I understand the importance of UserID and totally agree with the implications of changing it, but this should be tied to the sAMAccountName field only (not the name fields). Hopefully you agree and will consider allowing automatic updates of FirstName and Surname in a future release. Thanks...Scott
support Posted February 18, 2022 Posted February 18, 2022 Thanks Scott. I will move this thread to Feature Requests. Regards Click Studios
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now