none
Same Username Different User Issue

    Question

  • In my production environment, I had a user, let's say John Doe with the username of JDoe.  The person left the company and we eventually deleted his account from Active Directory.  At that time, there were tickets where this user was the affected user, which were never closed.  We recently hired Jane Doe, which off course received the username JDoe as well.  All of the tickets (opened and closed) that used to say John Doe now say Jane Doe.

    My manager then asked me to do some testing with this in our test environment.  I confirmed that the same happens, if a user has an open ticket and then I created a new user account with the same ID, the tickets for that user change to the new display name.  I am attempting to test what happens if the tickets are closed at the time of deletion.  However, all of a sudden, I can't sync another account with the same username.

    I guess that my post here is a multi question thing.  I have had trouble finding things related to this so I am open to reading through articles if you have those that would point me in the right direction for some of these things.

    1. What does SCSM track when creating a new object for a user?  It appears to be tracking username instead of something potentially more unique like the SID.  Is there a way to change what it tracks?  Is there something I am missing about this?
    2. Any suggestions on getting the account to sync?  I did look for it in Configuration Items -> Users and neither account is there.  I created another view to show CIs with Object Status of Pending Delete or Deleted.  The old account was there and I deleted it, but was still unable to sync the new account.
    3. Is there a best practice on usernames as related to SCSM?  Should we not be reusing usernames?

    Thanks in advance and for reading.


    EDIT : Realized I didn't add the version I am using.  It's 2012 R2 UR9 or 7.5.3079.607.
    Thursday, May 31, 2018 1:12 PM

All replies

  • SCSM is using the combination of Domain Name and Username as primary key for a CI User object.

    This explains why the existing tickets of John Doe are related to Jane Doe now.

    Most of our customers never delete user accounts in AD. But they disable them if the person does not exist in the company anymore. This is not because of SCSM but company rules.

    This makes sure no username can be used again for a different person. In your example JDoe is related to John Doe and JDoe1 would be the username of Jane Doe.

    Please check in the SCSM console at Administration/Deleted Objects if you can find the user object of JDoe. If so remove it from there. Than the sync of the new JDoe should work hopefully again.

    Hope this helps. 

     

    Andreas Baumgarten

    Sunday, June 03, 2018 12:38 PM
    Moderator
  • Sorry for the delay.  I got quite sick for a few days and just didn't have time to get back to this immediately.  

    That is not something that we do as we have a fair number of temps and contractors go through the system on a fairly regular basis.  We keep the accounts for about 30 days before backing them up and deleting them.  I did delete the person but the new account (with the same username) still won't sync.

    Friday, June 08, 2018 3:47 PM
  • If the SMLets are installed on your computer please run the following script on your SCSM Management Server:

    Import-Module SMlets -Force
    $Username = “JDow“
    $UserClass = Get-SCSMClass -name System.Domain.User$
    Get-SCSMObject -Class $UserClass -Filter "Username -eq $Username"

    There should be no user object found.

    Could you please create an additional AD connector that is syncing the affected AD user account only.

    Hope this helps.

    Saturday, June 09, 2018 10:33 PM
    Moderator