none
Project Server Active Directory Sync for Disabled Accounts RRS feed

  • Question

  • We are running Project Server 2016 and having some trouble with the user sync behavior.

    For business reasons, we will always have several accounts who are temporarily set "Disabled" in AD, some of which we need as resources in PWA.

    When we run the sync with those disabled accounts in the AD groups, it brings them in, but throws a non-blocking error and puts their PWA users in a strange state where the "User can be assigned as a resource" box is unchecked, and their "User logon account:" field is filled in, but has the red squiggles saying they can't be found in AD. We now have over 200 users like this.

    As a side note: One of my co-workers has discovered if you click directly on the name with the squiggles, it permanently tricks PWA into seeing the disabled account in AD - not sure if that's a good or a bad thing.

    We have since removed the disabled accounts from the AD group we're syncing which solves the sync issue going forward, but creates a new problem for us:

    We need some of those disabled AD accounts to have resources in PWA until the time comes that they can be activated in AD. That's fine, there aren't a ton of them and we can just manually create their resources. The trouble comes when they are eventually activated in AD and sync runs, it doesn't try to match to any existing resources, it just creates a new user/resource. I see that the Edit Resource page lets me link it to an AD account once they're re-enabled, and that prevents sync from creating a duplicate resource so that's good, but it also requires the IT person who enables their AD account to log into PWA and link their resource manually, and do so before sync gets a chance to run again.

    The behavior I would intuitively expect to see is: if an account is "Disabled" in AD and is a member of the group to be synced (and user/resource doesn't exist in PWA), then when sync runs it would create the user/resource, and set them inactive - no errors, no squiggles, everything happy.

    I'm just trying to establish whether any of this user sync behavior is perhaps bug-related, or not working as intended.

    Thanks,

    Chris

    Friday, March 1, 2019 6:50 PM