https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271994#M225124 <HTML><HEAD></HEAD><BODY><SPAN>I have a bunch of users that are in Active Directory groups and being added automatically to Alfresco.&nbsp; The way it works:</SPAN><BR /><BR /><SPAN>DomainA group with username jriker DISABLED</SPAN><BR /><SPAN>DomainB group with username jriker ACTIVE</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>Both DomainA and DomainB has the same named AD groups and they all are stored in another meta group that I directly reference.&nbsp; Problem I'm having now is when people are moved to DomainB they are able to login still but none of their data is associated with them.&nbsp; How do I tell Alfresco these are the same users or is the problem that the system has not resync'd yet?</SPAN><BR /><BR /><SPAN>Thanks.</SPAN><BR /><BR /><SPAN>JR</SPAN></BODY></HTML> Tue, 13 Sep 2011 16:56:14 GMT jriker1 2011-09-13T16:56:14Z https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271994#M225124 I have a bunch of users that are in Active Directory groups and being added automatically to Alfresco.&nbsp; The way it works<IMG id="smileyvery-happy" class="emoticon emoticon-smileyvery-happy" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-very-happy.png" alt="Smiley Very Happy" title="Smiley Very Happy" />omainA group with username jriker DISABLEDDomainB group with username jriker ACTIVE Both DomainA and DomainB has the same named AD groups and they all are stored in another meta Tue, 13 Sep 2011 16:56:14 GMT https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271994#M225124 jriker1 2011-09-13T16:56:14Z https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271995#M225125 <HTML><HEAD></HEAD><BODY><SPAN>Thought I would revive this as I can't imagine an enterprise application would not be able to accommodate someone switching domains in an organization.&nbsp; Even if it was manually editing the database and updating some UUID or something.&nbsp; Anyone?</SPAN><BR /><BR /><SPAN>Thanks.</SPAN><BR /><BR /><SPAN>JR</SPAN></BODY></HTML> Fri, 14 Oct 2011 13:31:33 GMT https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271995#M225125 jriker1 2011-10-14T13:31:33Z https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271996#M225126 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>it all depends on how your authentication subsystem is set up with regards to the synchronization, and how you manage the identities in your LDAP/AD. We have a customer whose LDAP simply contains all trees of their domains and we have set up one authentication subsystem against this aggregated LDAP - when users change domains and their active flag is updated, the currently active account is considered for synchronisation with Alfresco. As long as the identifying property has the same value, the user is unaltered in Alfresco.</SPAN><BR /><BR /><SPAN>But when you have two or more subsystems configured (one for each domain) you actually cause Alfresco to delete and recreate users when they move, as two users from different subsystems are not considered to be the same individual as long as both subsystems are active.</SPAN><BR /><BR /><SPAN>So:</SPAN><BR /><SPAN>- ensure users move only between the domains covered by a single subsystem</SPAN><BR /><SPAN>- ensure user moves are atomic operations (if one account is deactivated and the new one will only be available two days later, you run the risk of the user being deleted in the meantime depending on your synchronisation interval / triggers)</SPAN><BR /><SPAN>- ensure the identifying property remains exactly the same (although case is probably irrelevant at least for 3.4 and lower)</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><SPAN>Axel</SPAN></BODY></HTML> Fri, 14 Oct 2011 14:12:04 GMT https://connect.hyland.com/t5/alfresco-archive/user-changes-domains-help/m-p/271996#M225126 afaust 2011-10-14T14:12:04Z