Hyland Connect

Go to answer · ‎01-01-2019

Hi,

I want to map all my users/user groups from www.abc.com to www.def.com. From the MRG, I need to first create a new AD domain (def.com).

What I want to know is this:

1. After this new domain is created, how do I migrate existing AD Users & Groups from abc.com to def.com? Do I use the Auto-Configure using Matching User Group Names option?

2. Assuming we managed to complete step 1 (ie. We have now successfully copied over all of our AD users/groups), do we have to manually map AD users to OnBase User Groups as per the drag-and-drop method? Or is there a better way to do it?

My apologies if I sound completely vague and non-specific. I’m just very new to OnBase and there are a few things I need to clarify before I can form better questions =P.

AdamShaneHyland · ‎01-02-2019

Hi Shannon.

As I understand what you are doing, all of your domain users will be moved from one domain to another domain. On the backend, there is typically a fair amount of work to do this on the domain side, but the main concern here is regarding the Security ID (SID) of the domain user which is a unique ID.

To answer #1, the Auto-Configure using Matching User Group Names option will match the user groups based on the user group name. This means, if you name the user groups exactly the same in both domains and within OnBase, using the option will map the new domain user group to the OnBase user group.

To answer #2, when using the Active Directory - Enhanced method with OnBase for domain authentication, we match domains user to OnBase users based on the SID. When the users are created within the new domain, they will have a new SID. Since the users now have a new SID, as soon as they log in, OnBase will create a new user account since the OnBase user account already is associated with a SID from the original domain.

Working with your first line of support, it is possible to clear out the SID value for the users so that the authentication process tried will fail the SID matching and revert to name matching. This will only work if the domain user names (domain\jdoe) do not change. If they do change (domain-def\johndoe), then there is no way to map.

Best wishes.

View answer in original post

AdamShaneHyland · ‎01-02-2019

Hi Shannon.

As I understand what you are doing, all of your domain users will be moved from one domain to another domain. On the backend, there is typically a fair amount of work to do this on the domain side, but the main concern here is regarding the Security ID (SID) of the domain user which is a unique ID.

To answer #1, the Auto-Configure using Matching User Group Names option will match the user groups based on the user group name. This means, if you name the user groups exactly the same in both domains and within OnBase, using the option will map the new domain user group to the OnBase user group.

To answer #2, when using the Active Directory - Enhanced method with OnBase for domain authentication, we match domains user to OnBase users based on the SID. When the users are created within the new domain, they will have a new SID. Since the users now have a new SID, as soon as they log in, OnBase will create a new user account since the OnBase user account already is associated with a SID from the original domain.

Working with your first line of support, it is possible to clear out the SID value for the users so that the authentication process tried will fail the SID matching and revert to name matching. This will only work if the domain user names (domain\jdoe) do not change. If they do change (domain-def\johndoe), then there is no way to map.

Best wishes.

Go to answer · ‎01-03-2019

Hi Adam,

Thanks for clarifying.

Does this mean that if we keep our user names the same in different domains (ie. domain-abc\jdoe --> domain-def\jdoe), it's possible to map users based on name matching?

Hyland Connect

Migrating AD Users/Groups from One Domain to Another