Does anyone have any examples of what they have used to limit the users that are returned?
‎Jun 25, 2019 07:07 AM
To elaborate, the following would be a custom query which would filter out users which had the name support or service:
SELECT DISTINCT givenName0 AS FirstName, sn0 AS LastName, DisplayName0 AS DisplayName,
Network_Operating_System0 AS OS, physicalDeliveryOfficeNam0 AS Office,
l0 AS City, vru.postalCode0 AS PostalCode, department0 AS Department, title0 AS Title,
User_Name0 AS UserName, mail0 AS Email, manager0 AS Manager, vru.ResourceID AS UserResourceID,
distinguished_Name0 AS ADSPath, Full_User_Name0 AS FullName, Name0 AS Name, Unique_User_Name0 AS UniqueName,
Windows_NT_Domain0 AS UserDomain, company0 AS Company, ra.User_OU_Name0 AS UserOU
FROM v_R_User AS vru
LEFT JOIN v_RA_User_UserOUName ra on ra.ResourceID = vru.ResourceID
Where vru.Name0 Not Like '%service%'
AND vru.Name0 Not Like '%support%'
One thing I forgot to mention previously is that after you add your custom user query, I'd recommend deleting the old data in WD_User prior to performing another sync.. This will ensure that only those users in the custom query will exist in WD_User.
Thanks
Charles
‎Jun 25, 2019 07:35 AM - edited ‎Jun 25, 2019 07:36 AM
Please note that there is a Custom User ID Sync SQL Query and a Custom User Sync SQL Query. The examples from Charles put the WHERE clause on the Custom User Sync SQL Query; however, I always recommend putting any filter clauses on the Custom User ID Sync SQL Query. The way the sync process works is that it first runs the user ID query to get a list of all user resource ID's that match the criteria. Then we break that list up into pages based on the page size you've defined in your settings and we run the user query to get the user details for those resource ID's, one page at a time. If you put the filter on the user ID query, it will bring back a smaller set of resource ID's, which will result in fewer pages, which will result in shorter sync times.
Here are a couple examples that I have used with customers to overcome various issues (in both cases, the Standard User Sync SQL Query can remain unchanged):
Collection-Based User Limiting
App Portal's licensing model has been changed (as of 2015) to user-based licensing instead of device-based licensing. However, the limiting view/collection in the site settings was never changed to match, so in order to remain in compliance with your user-based license count, it is best to create an SCCM user collection containing only the user accounts that are licensed to use App Portal. Then you can use a custom query to pull in only those users and ignore accounts like service accounts, test accounts, and admin accounts.
SELECT ResourceID AS UserResourceID FROM v_CM_RES_COLL_CM10029D ORDER BY SMSID
…where CM10029D is the collection ID of the desired user collection to use for limiting. This will limit the list of resource ID's to only those users that are in the selected user collection.
Skip Duplicate User Records in SCCM
Under rare circumstances, I have seen customers where SCCM has more than one user record with the same user name but different resource ID's. This is typically more common with computer records, where reimaging a machine with the same machine name can result in a new resource ID (and a similar custom query can be used for the Custom Computer ID Sync SQL Query). In both cases, you'll see unique key constraint violation errors in the data sync error log. To avoid this and only pull in non-duplicate user records from SCCM...
SELECT vru.ResourceID as UserResourceID FROM v_R_User vru WHERE (SELECT COUNT(ResourceID) FROM v_R_User WHERE User_Name0 = vru.User_Name0) = 1 ORDER BY vru.Name0Note 1: Users with duplicate records will not be synced into App Portal. This will prevent them from using App Portal. If you run into a user that is not able to use App Portal and you don't see their account in App Portal, but they do show up in SCCM, make sure there are not duplicate records in SCCM for that user. If so, you'll need to remove all of the duplicate records and keep only the one you want (usually the one with the highest ResourceID).
‎Jun 26, 2019 01:27 PM - edited ‎Jun 26, 2019 01:29 PM
‎Jun 25, 2019 07:27 AM
To elaborate, the following would be a custom query which would filter out users which had the name support or service:
SELECT DISTINCT givenName0 AS FirstName, sn0 AS LastName, DisplayName0 AS DisplayName,
Network_Operating_System0 AS OS, physicalDeliveryOfficeNam0 AS Office,
l0 AS City, vru.postalCode0 AS PostalCode, department0 AS Department, title0 AS Title,
User_Name0 AS UserName, mail0 AS Email, manager0 AS Manager, vru.ResourceID AS UserResourceID,
distinguished_Name0 AS ADSPath, Full_User_Name0 AS FullName, Name0 AS Name, Unique_User_Name0 AS UniqueName,
Windows_NT_Domain0 AS UserDomain, company0 AS Company, ra.User_OU_Name0 AS UserOU
FROM v_R_User AS vru
LEFT JOIN v_RA_User_UserOUName ra on ra.ResourceID = vru.ResourceID
Where vru.Name0 Not Like '%service%'
AND vru.Name0 Not Like '%support%'
One thing I forgot to mention previously is that after you add your custom user query, I'd recommend deleting the old data in WD_User prior to performing another sync.. This will ensure that only those users in the custom query will exist in WD_User.
Thanks
Charles
‎Jun 25, 2019 07:35 AM - edited ‎Jun 25, 2019 07:36 AM
Please note that there is a Custom User ID Sync SQL Query and a Custom User Sync SQL Query. The examples from Charles put the WHERE clause on the Custom User Sync SQL Query; however, I always recommend putting any filter clauses on the Custom User ID Sync SQL Query. The way the sync process works is that it first runs the user ID query to get a list of all user resource ID's that match the criteria. Then we break that list up into pages based on the page size you've defined in your settings and we run the user query to get the user details for those resource ID's, one page at a time. If you put the filter on the user ID query, it will bring back a smaller set of resource ID's, which will result in fewer pages, which will result in shorter sync times.
Here are a couple examples that I have used with customers to overcome various issues (in both cases, the Standard User Sync SQL Query can remain unchanged):
Collection-Based User Limiting
App Portal's licensing model has been changed (as of 2015) to user-based licensing instead of device-based licensing. However, the limiting view/collection in the site settings was never changed to match, so in order to remain in compliance with your user-based license count, it is best to create an SCCM user collection containing only the user accounts that are licensed to use App Portal. Then you can use a custom query to pull in only those users and ignore accounts like service accounts, test accounts, and admin accounts.
SELECT ResourceID AS UserResourceID FROM v_CM_RES_COLL_CM10029D ORDER BY SMSID
…where CM10029D is the collection ID of the desired user collection to use for limiting. This will limit the list of resource ID's to only those users that are in the selected user collection.
Skip Duplicate User Records in SCCM
Under rare circumstances, I have seen customers where SCCM has more than one user record with the same user name but different resource ID's. This is typically more common with computer records, where reimaging a machine with the same machine name can result in a new resource ID (and a similar custom query can be used for the Custom Computer ID Sync SQL Query). In both cases, you'll see unique key constraint violation errors in the data sync error log. To avoid this and only pull in non-duplicate user records from SCCM...
SELECT vru.ResourceID as UserResourceID FROM v_R_User vru WHERE (SELECT COUNT(ResourceID) FROM v_R_User WHERE User_Name0 = vru.User_Name0) = 1 ORDER BY vru.Name0Note 1: Users with duplicate records will not be synced into App Portal. This will prevent them from using App Portal. If you run into a user that is not able to use App Portal and you don't see their account in App Portal, but they do show up in SCCM, make sure there are not duplicate records in SCCM for that user. If so, you'll need to remove all of the duplicate records and keep only the one you want (usually the one with the highest ResourceID).
‎Jun 26, 2019 01:27 PM - edited ‎Jun 26, 2019 01:29 PM
‎Jan 13, 2021 01:21 PM
‎Jan 14, 2021 08:11 AM
‎Jan 14, 2021 03:29 PM
‎Jan 15, 2021 07:38 AM
Hi Charles,
I have a working Custom User Sync SQL Query as you know but I don't see my numbers matching up with my collection anymore. It seems that the "Licenses Used" number in App Portal aren't dropping to match my SCCM "licensing/limiting collection" they're only climbing. Should they drop or is it as you explained in the past when I changed the query and then needed to delete the WD_Users? Is it that the users only get added and not purged as they do in my SCCM collection with the AD query?
Thanks in advance ,
Jeff
‎Mar 04, 2021 03:18 PM
What type of license are you using? I can't recall.. You can tell this by going to settings->general, and looking at the license Entity.. If USER, then the count is generated using the following query:
SELECT Count(UniqueName) from WD_User where lastupdate > DATEADD(day, -7, GETDATE()) and UniqueName is not null
The licensed collection is only used if you have a device based license.. In this case, the count should reflect the number of users in the specified license collection.
‎Mar 04, 2021 03:29 PM
‎Mar 04, 2021 03:43 PM
It looks like your collection JOIN is incorrect. You are doing a RIGHT OUTER JOIN instead of using an INNER JOIN. That means you will get a result for every user in v_R_User instead of only users that are in your collection. If you run the query directly in SQL Management Studio, you should see the result, and that count should roughly match what you see in App Portal. Also, as I've mentioned in previous threads, I would recommend removing that collection join from your Custom User Sync SQL Query and instead put it in your Custom User ID Sync SQL Query.
Try the following instead...
Custom User ID Sync SQL Query
SELECT vru.[ResourceID] AS [UserResourceID]
FROM [v_R_User] vru
INNER JOIN [v_CM_RES_COLL_LY202C54] vcm ON vcm.[ResourceID] = vru.[ResourceID]
...or you could go with the more simplified version like this, so you don't even need a JOIN...
SELECT [ResourceID] AS [UserResourceID]
FROM [v_CM_RES_COLL_LY202C54]
ORDER BY [SMSID]
Custom User Sync SQL Query
SELECT DISTINCT givenName0 AS FirstName, sn0 AS LastName, DisplayName0 AS DisplayName,
Network_Operating_System0 AS OS, physicalDeliveryOfficeNam0 AS Office,
l0 AS City, vru.postalCode0 AS PostalCode, department0 AS Department,
title0 AS Title, User_Name0 AS UserName, mail0 AS Email, manager0 AS Manager,
vru.ResourceID AS UserResourceID, distinguished_Name0 AS ADSPath,
Full_User_Name0 AS FullName, Name0 AS Name, Unique_User_Name0 AS UniqueName,
Windows_NT_Domain0 AS UserDomain, company0 AS Company, ra.User_OU_Name0 AS UserOU
FROM v_R_User AS vru
LEFT JOIN v_RA_User_UserOUName ra on ra.ResourceID = vru.ResourceID
WHERE ra.User_OU_Name0 = 'XXXXXXXX.COM/USER ACCOUNTS'
Also, based on the query Charlie mentioned for calculating the license count, it looks like users that fall out of that collection will take 7 days before they are no longer counting against your license count.
‎Mar 04, 2021 05:19 PM - edited ‎Mar 04, 2021 05:37 PM
So based on your last comments regarding the User license query, once I update the 2 queries do I not need to "delete the old data in WD_User prior to performing another sync" as Charles recommended in a previous thread? If that's the case than I would just need to restart the ESD service so that the new values will be picked up by the sync process. Is that correct?
‎Mar 05, 2021 11:59 AM
In theory, yes, that's correct.
‎Mar 05, 2021 06:22 PM