none
Project Server 2013 - Remove user from resource pool via sync RRS feed

  • Question

  • Hello everyone,

    has anyone managed to configure their Project Server 2013 box with a resource pool sync that will actually remove user from the resource pool (disable "User can be assigned as resource" or deactivate users) when the user is removed from the AD group(s)?

    Setup: Single box, SQL 2012 SP1, SharePoint/Project Server 2013 + PU March + CU April. 2 PWA instances, 1 in SharePoint and 1 in Project permission mode. Tried on 2 different machines (different setup, accounts, domains).

    Proceedings:

    1. Create AD user U, AD group G. Add U to G.
    2. Go to PWA, setup resource pool sync with G, sync.
    3. U is now in the resource pool, has no PWA permissions.
    4. Remove U from G. Resync resoure pool.
    5. U is still in resource pool, still a resource, still active, can still be assigned as resource.
    6. Adding U back to G an repeating the whole spiel with a resource pool and a PWA group sync of G will result in U being added and removed from the user list (as expected), and U being added but not removed from the resource pool.
    7. Having read http://technet.microsoft.com/en-us/library/gg982985.aspx and http://technet.microsoft.com/en-us/library/gg750243.aspx, there does not seem to be an omission on my part.

    The first article states:

    Note:

    The corresponding Project Server User Account is not deactivated based on this synchronization. If the same Active Directory user is configured to synchronize with a Project Server security group, the Project Server user account will be inactivated when that synchronization occurs. For more information, see Best practices to configure Active Directory groups for Enterprise Resource Pool synchronization in Project Server 2013.

    Unfortunately, this deactivation either does not seem to occur even with a PWA group sync or I misunderstood the article.

    So, did anyone manage to setup their resource pool sync in a way, that new resource will be added, but also be removed from the resource pool?

    Kind regards,
    Adrian

    Tuesday, May 14, 2013 10:38 PM

All replies

  • Active Directory sync will not remove users from Enterprise Resource Pool.  It will only deactivate them.  You really don't want to remove, because then you will loss data that is associated with the resource.


    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

    Sunday, May 19, 2013 11:41 AM
    Moderator
  • Hi Adrian,

    you tried to sync the same AD group that you used for the resource pool sync also with a Project Server permission group?

    And on removal of the user of the AD group the project user/resource is not deactivated? Only removed from the group

    Regards

    Christoph


    Christoph Muelder | Senior Consultant, MCSE, MCT | SOLVIN information management GmbH, Germany

    Saturday, June 1, 2013 1:25 PM
  • Active Directory sync will not remove users from Enterprise Resource Pool.  It will only deactivate them.  You really don't want to remove, because then you will loss data that is associated with the resource.

    Hi Michael,

    maybe the wording wasn't ideal on my part, but finding the right nomenclature is tricky in this scenario.

    The resource must not be deactivated, because deactivating means deactivating the whole PWA account. However, I want the account to retain its permission to log on and edit/view projects, but it shall not be available as work resource to be assigned to projects.

    This is exactly what the "User can be assigned as resource." checkbox does. And I'm trying to find a way to make the current sync just remove that checkbox. This will not delete the resource work data, the user retains their permissions, but can no longer be assigned in future projects.

    Kind regards,
    Adrian

    Thursday, June 6, 2013 4:52 PM
  • Hi Adrian,

    you tried to sync the same AD group that you used for the resource pool sync also with a Project Server permission group?

    And on removal of the user of the AD group the project user/resource is not deactivated? Only removed from the group

    Regards

    Christoph

    Hi  Christoph,

    even though I might have tried that before, I tried it again in several constellations. It didn't change anything. The the user will be properly added to and removed from the PWA group whenever I remove them from the AD group, the use will also stay active (but cannot logon without permissions). However, the user will always remain in the resource pool, i.e. the "User can be assigned as resource." checkbox will remain unless it is cleared manually.

    Having re-read the technet articles, none of the scenarios actually seem to descibe or address the process that I require, or maybe I'm just misunderstanding. Let me just try to outline the core issue:

    1. Add user to AD group. Sync AD group with resource pool. User is now a PWA resource and PWA user.
    2. Remove user from AD group, but do not deactivate/delete user from AD.
    3. (Magic happens!)
    4. User cannot be assigned as ressource in PWA.

    So, is there anything to make this step 3 happen, or is it just not possible to sync users out of the resource pool anymore unless they are deleted/deactivated in AD?

    Kind regards,
    Adrian

    Thursday, June 6, 2013 6:22 PM
  • Hello,

    I've got the same issue, and even more. User is in two different groups: one for resource and one for permissions. When you move user from Permission group synchronization will move out user from Project group, user cannot login to server. If I remember well in Project Server 2010 in that case user was deactivated. When user is moved from resource group nothing has happened. If you disable user in AD nothing happened after synchronization, you can still assigned work to this resource. 

    That means you cannot control automatically how many resources are in Project Server!


    Tuesday, December 9, 2014 3:12 PM
  • Hi Maciej1,

    For the issue observed with Project Server 2013 not deactivating resources during sync once the id has been deleted from AD was fixed in September 2014 CU for Project Server 2013 http://support.microsoft.com/kb/2889856. 

    The Fix talks about the scenario:

    1. You create an Active Directory group and add a user to the group.
    2. You sync the Active Directory group to a group in Project Web App (PWA).
    3. You delete the user from the Active Directory group.
    4. You execute the sync operation again.

    In this scenario, the user is still active in PWA. 

    Once you install the CU and then perform a sync. The deleted resources in AD will be marked inactive in PWA.


    Cheers! Happy troubleshooting !!! Dinesh S. Rai - MSFT Enterprise Project Management

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful if a post has been useful to you. This can be beneficial to other community members reading the thread.


    Wednesday, December 10, 2014 9:26 PM
    Moderator