• State Suggested Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 20 subscribers
  • Views 1084 views
  • Users 0 members are here
Options
Related

Can I configure DirSync NOT to rename existing accounts? I want DirSync to ONLY update users passwords and group memberships, and clone new users, but NOT to rename existing users whose target names are different from the source

vladimir heifets_25324
over 1 year ago

Hello, I used a regular migration session to clone source users to target, and some of the source users were renamed on target. Some users on the source domain were named with FirstInitialLastName and were created on target with the new naming convention, First.Last.

I turned on Dirsync after migration to sync user IDs from source to target (the requirement was to keep group memberships and passwords in sync) but I have not configured dirsync to skip any attributes, and did not enable target to source sync.

I noticed that the users whose IDs were renamed during the initial migration are now renamed on target to match their original source user ID (firstinitiallastname). 

How can I configure DirSync to leave existing users alone and NOT rename them, while still syncing their passwords and group memberships?  I can exclude sAMAccountName and name attributes from syncing but that would prevent new user creation since they are essential naming attributes. 

I am running QMMAD 8.15

Any pointers are greatly appreciated

Thank you

Parents Reply Children
  • 0 over 1 year ago in reply to Jeff Shahan

    Thanks Jeff.  Looking into it further, I determined that the real issue is the target UPN of the users. We need to keep it in First.Last format to match Office365 accounts. So if I let DirSync change sAMAccountName but force target UPN to be @mycompany.com (in sync configuration) while at the same time configuring DirSync to skip UPN attribute source to target, would this work?  How does the logic flow when I configure "Set the domain suffix of the UPN to mycompany.com" in "User Principal Name handling" while at the same time I skip "UPN" for users "source-to-target"?

  • 0 over 1 year ago in reply to vladimir heifets_25324

    The way the UPN is handled, you have a few options, Sync does what you would think. It copies the source value to the target. If you select change, it will leave the local part and change the suffix only. Bob@OldCompany.com becomes Bob@NewCompany.com  of any of the other registered UPN suffixes in the target directory. Skip UPN is another option in the UI. Don't use the Skip Attributes UI to skip the UPN.

    Does that help?