We have two AD integrations currently and an issue we are seeing is that there are some overlapping names in each AD instance which causes Flexnet to overwrite the data. Has anyone experienced this issue in the past and if so, what did you do to fix it? Thanks in advance.
Jan 28, 2020 07:26 AM
Hi rclark0,
For Active Directory (AD) users, you would typically use the 'distinguishedName' user property.
The 'distinguishedName' attribute value for any AD user will typically have the following format:
CN=<sAMAccountName>,CN=Users,DC=<domain>,DC=<domain-ending>
As you are interested in <domain>.<domain-ending> for matching this user property to the 'Qualified Name' Windows domain property only, you can use data transformation features in the Business Adapter configuration when populating the "Qualified Name" field.
This is shown in the screenshot attached to this post.
Jan 28, 2020 02:00 PM
Hi,
Could you please specific on:
Best regards,
Markward
Jan 28, 2020 12:01 PM
We noticed the overlap when going to license a user and noticed that the account name didn't match the users name.
The users data from AD is changing back in forth each time the AD inventory import occurs. That information includes location, name, phone #, address, ect....
A quick example of exactly what is happening would be that the first AD integration runs and updates info for account name ABC123, the 2nd AD intergration runs but also has a user ABC123 and now updates all the user info from the 2nd intergration.
Jan 28, 2020 12:13 PM
As the standard FNMS AD interface does not import location, phone # etc, this sounds as if you did configure your own Active Directory integration using a Business Adapter (MGSBI).
When configuring the AD integration (see attached screenshot)
This configuration will prevent AD users having the same sAMAccountName but coming from different Windows domains from overwriting their user properties, as both sAMAccountName as well as the name of the Domain need to match.
Jan 28, 2020 12:35 PM
Jan 28, 2020 12:42 PM
Hi rclark0,
For Active Directory (AD) users, you would typically use the 'distinguishedName' user property.
The 'distinguishedName' attribute value for any AD user will typically have the following format:
CN=<sAMAccountName>,CN=Users,DC=<domain>,DC=<domain-ending>
As you are interested in <domain>.<domain-ending> for matching this user property to the 'Qualified Name' Windows domain property only, you can use data transformation features in the Business Adapter configuration when populating the "Qualified Name" field.
This is shown in the screenshot attached to this post.
Jan 28, 2020 02:00 PM
Jan 28, 2020 02:16 PM
Hi rclark0,
Are you using the standard FNMS Active Directory (AD) interface where the export is configured on the "Active Directory" page on a Beacon, or did you configure your own integration using a Business Adapter (MGSBI)? Which release of FNMS do you use?
Also, can you clarify please if in the Active Directory instances that you are importing data from:
If you have sampe AD users with overlapping names from different AD sources, could you check in the [FNMSCompliance] database in the [ImportedActiveDirectoryUser], [ActiveDirectoryUser]
as well as in the [ComplianceUser] views if these users are distinct, please?
Jan 28, 2020 12:13 PM
We are using the standard AD integration from the Active Directory import on the beacon. These users have the same sAMAccountName but are on two different domains.
Jan 28, 2020 12:17 PM