Jump to content

Recommended Posts

Posted

Hi guys,

 

In our environment we have a bunch of Unixen. When spinning up new hosts we frequently quickly add the host and its accounts manually into PasswordState. However, we've then noticed that the account discovery jobs creates a duplicate of the accounts in question. Is there a way to prevent this?

 

* We've set up the object names to match the formating that the discovery job would add.

* The identical username is used.

* The object is linked to the exact same host.

 

What gives? Is it better to just re-run discovery after upping a new host? I would certainly still like to know how to prevent this duplication though...

 

Posted

Hi Buckit,

 

Could you email us screenshots of both records, because it should not be duplicating them if the details are the same - unless there is a bug of course.

Thanks

Click Studios

Posted

I'll get on it right away..

 

EDIT:

Ah darn, I just realized that I cannot show you the screenshots as they contain identifying information for our environment.

 

Can you tell me which exact fields the discovery job uses to determine whether the object in question already exists? While waiting for you, I'll try and poke through the code to see if I can't find my answer :)

Posted

I've compared the original and the duplicate discovered objects. Up until yesterday there were more differences, but right now the only differences are:

 

* Description: their description is wildly different

* Account Type: Linux vs CentOS

* Password List: the original is in the desired list, while the newly discovered one is in the list I made specially for that purpose called "Newly Discovered".

 

Now, I sincerely hope that the password list is not taken into account into determining whether an account should be imported :D

 

I can understand that maybe the type would influence the decision, but I would not care for the description playing a role.

 

For now, I will set the account type to what is found in AD. Then I'll clean up the dupes and rerun the discovery.

Posted

Hi Buckit,

 

The following is what we check to see if an existing account exists in a Password List or not - this is in any Password List, just not the one selected on the Account Discovery Job.

  • The Password List must be enabled for Resets
  • Username field (must be identical i.e. if a domain account is specified as username@domain.com then this is not the same as domain\username)
  • HostID - this is the Host record in Passwordstate
  • AccountTypeID - this is the account type selected on the password record

So without seeing your data, I would guess that possibly there was a different type of Account Type selected for your already existing records.

We hope this helps.

Regards

Click Studios

Posted
3 hours ago, support said:

So without seeing your data, I would guess that possibly there was a different type of Account Type selected for your already existing records.

 

Bingo, that'd be it.

 

Thank you very much for your help! I appreciate it.

 

EDIT:
Odd, even after syncing the account types, the discovery job still created the duplicate. I'll poke around some more.

 

EDIT 2:

Solved... I only  re-tested with the acounts for one host and would you believe that it was this particular host that was also mis-registered in AD? :D

You were right @Support: the issue was with the type definition.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...