https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44538#M18114 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>we have alfresco 5.2 in our environment. we have a couple of active directory domain and which is mapped in alfresco. previously we have all the users (including disabled and active users) in the alfresco.</P><P></P><P><STRONG>issue&nbsp;1: </STRONG></P><P>we have modified the person query and enabled "synchronization.allowDeletions" in ldap-ad-authentication.properties to perform a full sync with the AD.</P><P></P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>ldap.synchronization.personQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp&lt;\={0})))</P><P>synchronization.synchronizeChangesOnly=false<BR />synchronization.allowDeletions=true</P></BLOCKQUOTE><P></P><P>After we restarted the service with the above configuration, we still can see the users in alfresco which are already got deleted in AD.</P><P></P><P><STRONG>issue 2:</STRONG></P><P>we also configured the user status to be reflected in the alfresco, hence we modified the alfresco-global.properties with the below parameters.</P><P></P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>authentication.chain=alfinst:alfrescoNtlm,passthru1<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />assthru,ad1:ldap-ad,ad2:ldap-ad,ad3:ldap-ad,ad4:ldap-ad</P><P></P><P>### user account status syncronization ###<BR />synchronization.externalUserControl=true<BR />synchronization.externalUserControlSubsystemName=ad1,ad2,ad3,ad4<BR />ldap.synchronization.userAccountStatusProperty=userAccountControl<BR />ldap.synchronization.disabledAccountPropertyValue=514</P></BLOCKQUOTE><P></P><P>after we restarted the alfresco service, we still see that user status (enabled/disabled) is not reflected in alfresco. users which are disabled in AD is still active in alfresco.&nbsp;</P><P></P><P>let me know what could be the issue here. our final goal is to do a full sync with active users in alfresco. if the user is disabled, the same should be reflected in alfresco as well.</P><P></P><P>Appreciate your help!</P></BODY></HTML> Thu, 02 Aug 2018 06:48:35 GMT muthu_domain 2018-08-02T06:48:35Z https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44538#M18114 Hi,we have alfresco 5.2 in our environment. we have a couple of active directory domain and which is mapped in alfresco. previously we have all the users (including disabled and active users) in the alfresco.issue&nbsp;1: we have modified the person query and enabled "synchronization.allowDeletions" in l Thu, 02 Aug 2018 06:48:35 GMT https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44538#M18114 muthu_domain 2018-08-02T06:48:35Z https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44539#M18115 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #58595b; background-color: #ffffff; font-weight: bold;">Changing synchronization.synchronizeChangesOnly to false means the scheduled job for synchronization runs in Full Mode. Not sure that full mode is triggered in server startup as well.</SPAN></P><P></P><P><SPAN style="color: #58595b; background-color: #ffffff; font-weight: bold;">You can try running the job by either changing the cron or using jconsole.</SPAN></P></BODY></HTML> Thu, 02 Aug 2018 10:39:57 GMT https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44539#M18115 hardik1512 2018-08-02T10:39:57Z https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44540#M18116 <HTML><HEAD></HEAD><BODY><P>In fact, it is not. Full mode is not triggered in startup. A trick for doing this&nbsp;in the startup&nbsp;is doing &nbsp;<SPAN style="color: #58595b; background-color: #ffffff; font-weight: bold;">ldap.synchronization.personQuery the same as ldap.synchronization.personDifferentialQuery</SPAN></P><P><SPAN style="color: #58595b; background-color: #ffffff; font-weight: bold;">&nbsp;</SPAN></P><P><SPAN style="color: #58595b; background-color: #ffffff;">Regards.</SPAN></P><P><SPAN style="color: #58595b; background-color: #ffffff;">--C.</SPAN></P></BODY></HTML> Thu, 02 Aug 2018 16:19:37 GMT https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44540#M18116 cesarista 2018-08-02T16:19:37Z https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44541#M18117 <HTML><HEAD></HEAD><BODY><P>Hi Cesar,</P><P></P><P>still the issue is not resolved. even i have made changes in alfresco-global.properties and ldap-ad subsystem properties with below values:</P><P></P><P>on both alfresco-global.properties and ldap-ad.properties:</P><P>synchronization.synchronizeChangesOnly=false<BR />synchronization.allowDeletions=true</P><P></P><P>On alfresco-global.properties:</P><P>synchronization.syncWhenMissingPeopleLogIn=true<BR />synchronization.syncOnStartup=false<BR />#synchronization.import.cron=* * * * * ?<BR />synchronization.import.cron=* 0/10 * * * ?<BR />ldap.synchronization.enableProgressEstimation=true</P><P>ldap.synchronization.userAccountStatusInterpreter=ldapadUserAccountStatusInterpreter</P><P>### user account status syncronization ###<BR />synchronization.externalUserControl=true<BR />synchronization.externalUserControlSubsystemName=ad2,ad4<BR />ldap.synchronization.userAccountStatusProperty=userAccountControl<BR />ldap.synchronization.disabledAccountPropertyValue=514</P><P></P><P>after i restarted alfresco service, still i can see old users in alfresco and their user status also NOT synced. let me know is this functionality will work with alfresco with AD configuration or is there something which i'm missing.</P></BODY></HTML> Tue, 07 Aug 2018 17:12:52 GMT https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44541#M18117 muthu_domain 2018-08-07T17:12:52Z https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44542#M18118 <HTML><HEAD></HEAD><BODY><P>Try with this aprox:</P><P></P><P><A class="link-titled" href="http://formtektips.blogspot.com/2018/02/best-practices-for-managing-user-import.html" title="http://formtektips.blogspot.com/2018/02/best-practices-for-managing-user-import.html" rel="nofollow noopener noreferrer">Technical Tips &amp; Tricks: Best Practices for Managing User Import into Alfresco from Active Directory</A>&nbsp;</P><P></P><P>Regards.</P><P>--C.</P></BODY></HTML> Thu, 09 Aug 2018 18:50:46 GMT https://connect.hyland.com/t5/alfresco-forum/ad-user-status-sync/m-p/44542#M18118 cesarista 2018-08-09T18:50:46Z