How can I merge SD accounts with AD Accounts?
This article provides a proposed solution on how to handle current SD users and have them merged into the respective AD user accounts.
Preliminary Info:
-Duplicate accounts can be created when client installation occurred without Active Directory server being configured in end user environment. At install SecureDoc would create an entry for non-AD user.
Then when clients decide to add Active Directory Sync service users that are pulled from AD are now duplicated.
-Duplicates can be created with Active Directory service is running and Windows AD Administrators create new AD account but dont give Active Directory service enough time to pull the user records. Admins can be educated to stop ADsync services >Perform force Sync and start the service to pull AD accounts faster
Proposed Solution:
Initial preparation:
Initial preparation:
- This process is only applied to single domain environments (not multi-domain environments )
- It’s strongly recommended to initially backup your SES database before continuing to next step.
- You can refer to KB Article 1155 How to back up (and restore) the SES Database using SQL Backup Commands on how to perform backup
- Additionally as well, you can also consider have user try testing in a test environment (e.g. VM)
Once backup is done:
- Run SQL script
- The script will attempt to combine those users that were non AD with AD and keep them on devices for future updates
See SQL Script file attached: CorrectDuplicateUsers.Ad2NonAd.sql
Internal Ref:
SD-23573 - Script to merge SD accounts with AD Accounts