https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78055#M24463 <HTML><HEAD></HEAD><BODY><P>&nbsp; Thanks for the clarification. It is helpful!</P></BODY></HTML> Tue, 31 Jul 2018 14:27:14 GMT muthu_domain 2018-07-31T14:27:14Z https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78053#M24461 Hi,we have few users in alfresco local database and we have migrated some of the users to AD. my question is:1. if we do full sync with AD and enabling&nbsp;synchronization.allowDeletions&nbsp;will affect local users in alfresco ?. because our existing user query in ldap-ad chain brought up all the computer a Tue, 31 Jul 2018 07:10:26 GMT https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78053#M24461 muthu_domain 2018-07-31T07:10:26Z https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78054#M24462 <HTML><HEAD></HEAD><BODY><P style="color: #727174; background-color: #ffffff; border: 0px;">Hi:</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">1. if we do full sync with AD and enabling&nbsp;synchronization.allowDeletions&nbsp;will affect local users in alfresco ?.</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Do you mean if some username collides ? I would say that it affects in terms on chain authentication only (you may login with two passwords in general) , but the user in Alfresco belongs to two&nbsp;authentication zones, so I think it won't be deleted.</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">because our existing user query in ldap-ad chain brought up all the computer and service accounts into alfresco. existing person query in ldap-ad chain is (&amp;(objectclass=user)).</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; For&nbsp;avoiding this&nbsp;you should define a more precise query or to make&nbsp;an&nbsp;aproximation like this:</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;"><A class="link-titled" href="http://formtektips.blogspot.com/2018/02/best-practices-for-managing-user-import.html" title="http://formtektips.blogspot.com/2018/02/best-practices-for-managing-user-import.html" rel="nofollow noopener noreferrer">Technical Tips &amp; Tricks: Best Practices for Managing User Import into Alfresco from Active Directory</A>&nbsp;</P><P style="color: #727174; background-color: #ffffff; border: 0px;">&nbsp;</P><P style="color: #727174; background-color: #ffffff; border: 0px;">2. if i modify the user query to (&amp;(objectclass=user)(userAccountControl=512)), it will bring only active users from AD. does all junk users will gets cleanup if i only modified the query alone or do i need to do a full with AD anyways.&nbsp;&nbsp;</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; For cleaning your computer and service accounts, you will need a full sync with deletions on a newer user query that exclude all those&nbsp;<SPAN>computer and service accounts. The above link probably do the right&nbsp;sync. Another simple&nbsp;trick for starting from zero point (without ldap users) is to change to a virtual&nbsp;<SPAN style="color: #505050; background-color: #ffffff;">userSearchBase so the resulting query gives zero users and do full sync. And later just put the correct user query. You can check the querys with Apache Directory Studio for example.</SPAN></SPAN></P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;"><SPAN style="background-color: #ffffff; color: #505050;">Regards.</SPAN></P><P style="color: #727174; background-color: #ffffff; border: 0px;"><SPAN style="background-color: #ffffff; color: #505050;">--C.</SPAN></P></BODY></HTML> Tue, 31 Jul 2018 11:35:24 GMT https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78054#M24462 cesarista 2018-07-31T11:35:24Z https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78055#M24463 <HTML><HEAD></HEAD><BODY><P>&nbsp; Thanks for the clarification. It is helpful!</P></BODY></HTML> Tue, 31 Jul 2018 14:27:14 GMT https://connect.hyland.com/t5/alfresco-forum/local-user-ad-user-sync-deletion/m-p/78055#M24463 muthu_domain 2018-07-31T14:27:14Z