A new Flexera Community experience is coming on November 25th. Click here for more information.
Hello everyone,
What happens to user records after their originating integration is removed? For instance, if I have an SCCM integration which creates user records should those users be removed when I delete the SCCM integration? I know that is the behavior for inventory devices but I haven't found anything about users in particular.
Thanks!
‎Jul 13, 2020 02:38 PM
I'm not entirely sure about the specific behavior for updating the "Last inventory source" property on user records, but my best guess in the scenario you have described is that you may only see the value of this property getting updated if and when one of the property values imported from Active Directory for the user (such as the user's SAM account name, or possibly their full name) changes. Until and unless there is a change, the last source that data was imported from that triggered a change on the user record (i.e. SCCM aka "SMS" in your case) will remain listed as the "Last inventory source".
‎Jul 15, 2020 09:36 AM
Hi,
After a quick check, the Writer's User.xml does not seem to delete from the ComplianceUser table.
I'd assume that this is by design. Users should be removed by a clear process, not by being no longer lastlogon user on a device.
Only applies to on-prem: I guess, if you want to get rid of any users no longer coming in from sources like SCCM, you could compare your ComplianceUser table to what you find in the ImportedComputer table and remove the overhang. Please keep in mind that there might be other sources to consider as well. E.g. ImportedUser, like from O365 integration, you probably don't want to remove these.
Best regards,
Markward
‎Jul 14, 2020 02:01 AM
If a user record is directly tied to user data imported from an inventory source such as SCCM and no other source, the when the connection to the inventory source is deleted (and not just disabled) the user record will normally be subsequently deleted on the next import.
There may well be things going on which would stop this deletion from happening though. For example, if a user is in an Active Directory domain that has been imported into FlexNet Manager Suite then simply deleting a connection to the SCCM source would likely not be enough to cause the user to be deleted - because the existence of the user details in the imported Active Directory domain data will be enough to keep it there.
For people like @mfranz interested in the low level details of where/when this deletion happens, this deletion happens in the RemoveMissingUsers import writer step found in the ImportProcedures\Inventory\Writer\RemoveMissingUsers.xml file.
‎Jul 15, 2020 03:49 AM - edited ‎Jul 15, 2020 03:51 AM
Correct, I didn't look far enough. There is an extra xml file for that.
‎Jul 15, 2020 03:57 AM
Thanks @ChrisG and @mfranz for your input. FNMS is integrated with AD so the users previously coming from SCCM are then also matched to AD. Should I expect the last inventory source for those user records to change when an integration is removed? Even though the SCCM integration was removed a week ago, and the AD import has been running daily, I'm still seeing SMS as the last inventory source for users.
‎Jul 15, 2020 09:09 AM
I'm not entirely sure about the specific behavior for updating the "Last inventory source" property on user records, but my best guess in the scenario you have described is that you may only see the value of this property getting updated if and when one of the property values imported from Active Directory for the user (such as the user's SAM account name, or possibly their full name) changes. Until and unless there is a change, the last source that data was imported from that triggered a change on the user record (i.e. SCCM aka "SMS" in your case) will remain listed as the "Last inventory source".
‎Jul 15, 2020 09:36 AM
A bit counterintuitive but I appreciate your insight. Thanks for the help!
‎Jul 15, 2020 02:42 PM