This article explains how the Employee Directory Connector (EDC) feature may unexpectedly create new user records in your ThoughtFarmer intranet, why this happens and the steps to correct this error.
About the EDC
The EDC allows ThoughtFarmer to connect to an external identity provider, such as Active Directory (AD), to perform user management and authentication tasks. The EDC can perform a range of actions to keep user records aligned with a target AD group such as activating, deactivating and creating new user records.
Using the EDC to create new users
When an EDC sync is run with the Bulk Create Users option enabled, each user in the AD group is compared the ThoughtFarmer user list looking for a match on the username field. If a match is found, the EDC will update the record (if the Bulk Update Users option is enabled) and then move onto the next AD user in the group.
If a match is not found, the EDC will attempt to create a new ThoughtFarmer user using the details of the AD user record, if the Bulk Create Users option is enabled.
When user details change in Active Directory
If a user's username changes in Active Directory, these changes need to be manually applied to the ThoughtFarmer user's record before running the next EDC sync. If not, the EDC will fail to find a match in ThoughtFarmer and create a new user record.
In the example below, an AD user's name has changed which caused their username to change, as well. Because this change was not also applied to their ThoughtFarmer user record, the EDC did not find a match and created a new user record.
Note: If the Bulk Deactivate Users sync task was also enabled, the EDC would have deactivated the original ThoughtFarmer user record (John Black), as well.
How can I tell this happened?
The updated user may report their content and settings are missing after logging with their updated username. In this case, they have logged into the user account account created by the EDC sync which, as a newly created account, does not contain anything. Their content and settings are still under their previous user account.
How to fix this issue
- Find and edit the user's original user record via the User Management area of the Admin Panel.
- Change the username and email fields to match the username and email in the Active Directory record. Save.
- Find and edit the newly created user record via the User Management area of the Admin Panel.
- Change the username and email so it they do not match any other in the system. You may choose to add _DUPLICATE to the end, for example. Save.
- An EDC sync can now be run to apply the values in the AD user record to the intended user record in ThoughtFarmer. Ensure the Bulk update users option is checked and run an on-demand sync to complete the update.
- View the Sync Logs tab under Admin panel > Employee directory connector > [AD entry name] to confirm the sync completed successfully.
- Return to the User Management area and confirm the user's record has been updated with the correct username, email and other details from Active Directory.
- (Optionally) Delete the extra user record created by the EDC.