Active Directory Sync not updating Surname

[SGauvin]

I searched the forum and found this posting that indicates SURNAME is one of the attributes that is automatically updated as part of the sync process -> 

 

 

I have encountered a user who's Surname was changed in Active Directory and it is not reflected in PasswordState.  I manually compared AD to PasswordState, and the Email Address got updated in PasswordState but not the Surname.

 

I checked the setting in Administration -> System Settings -> Active Directory Options and didn't see anything specific for Surname.   Is there a configuration setting somewhere that needs to be set to enable the Surname to be synced?

 

I'm currently on version 9.3 (build 9300).

 

Thanks...Scott

[support]

Hello SGauvin,

 

Sorry if that article is not clear. All those field names are synchronized when adding users into the system. We've also updated that forum post to reflect the information below.

 

When they already exist, the following fields can be updated:

• Department
• Office
• Email Address
• User Principle Name
• Enabled/Disabled status

Regards

Click Studios

[SGauvin]

Based on what you provided it can be assumed that Surname (and FirstName) do NOT automatically get updated.

 

When I look at a User record ALL fields except UserID , FirstName and Surname are kept in sync with AD.

• Not updating UserID is logical as this is a unique identifier that should not change (if it changes then it is assumed it is a new user)

What is the logic for not updating (syncing with AD) FirstName and Surname?

 

Thanks...Scott

[support]

Hi Scott,

 

Our logic for not updating FirstName and Surname is that generally any time these would changes in AD, so would the sAMAccountName field - which is mapped to UserID in Passwordstate.

 

And this UserID field is used heavily in encrypted fields for users. If the UserID field were to change, then you effectively need to import the "new" AD Account into Passwordstate, and then clone permissions on the screen Administration -> User Accounts.

I hope this clarifies.

Regards

Click Studios

[SGauvin]

I would consider changing the logic, so PasswordState only relies on the sAMAccountName field from AD to match / create a new user-account.   Surname and FirstName should be handled independently, as not all organizations base their sAMAccountName on these fields.  

 

At our organization when a person gets married (or divorced) they can request a Surname change, but we don't generate a new sAMAccountName we simply update the Surname field.  Same occurs if a person has a change in gender and their FirstName changes.  

 

I understand the importance of UserID and totally agree with the implications of changing it, but this should be tied to the sAMAccountName field only (not the name fields).   

 

Hopefully you agree and will consider allowing automatic updates of FirstName and Surname in a future release.

 

Thanks...Scott

[support]

Thanks Scott.

 

I will move this thread to Feature Requests.

Regards

Click Studios