This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

New User Name (Existing User Name Change Due To Marriage) Will Not Log Into OnBase Via Active Directory User Group Authentication

Michael_Snyder
Star Contributor
Star Contributor

‎11-18-2014 10:14 AM

Greetings,

An existing OnBase user recently changed her name due to marriage.  We use Active Directory and her name name was included in the Active Directory Group that maps to an OnBase Group.

1) The old user name (maiden name) did not get Deleted from OnBase.  

2) The SID or Security ID did not get changed for the new user name.

The third party application does work fine but when it attempts to connect to OnBase (with the new "married" name) it says "Failure on login. Please vierify a valid username and password."

Is this due to the SID already existing under the old maiden name User Name?  

Is there any overlying issue with renaming a user's account name from the networking side (including but not limited to MS Outlook, Active Directory, etc.) but reusing the SID?  I know OnBase keeps the SID on the useraccount table.  Is the SID maintained when the user is deleted from OnBase? (I know the user is kept on the useraccount table but the word "inactive" is appended to the user name on the useraccount table.  I am beginning to think the Failure to login is not due the way Active Directory was set up but perhaps due to having the same SID coming into OnBase under a new user name.  

What is the "best practice" approach for changing a user's name due to marriage?  

Thanks for any help concerning this issue/problem!

Mike

Labels:
0 Kudos
7 REPLIES 7

Justin_Fandl
Content Contributor
Content Contributor

‎11-18-2014 11:04 AM

Michael,

I would suggest taking a look at the following thread and TKB article as they may resolve the issue:

https://www.onbase.com/community/handlers/TKBDoc.ashx?DocId=5246219

https://www.onbase.com/community/onbase_product_communities/security_and_network_security_product_pa...

Hope this helps!

0 Kudos

Michael_Snyder
Star Contributor
Star Contributor

‎11-21-2014 04:43 AM

Thank you Justin,

Would you see any inherent problem if the USERNAME is DELETED (marked "deactivated")?  I believe once I do this, then the "married" new username (NetWork AD Authenticated username) with the same Security ID would be able to log into OnBase, thus creating the new username.  It would just be an administrative OnBase configuration task whenever anyone changes their name.

Thanks Again!

Mike

0 Kudos

AdamShaneHyland
Employee
Employee

‎12-01-2014 12:48 PM

Hi Mike,

The only caveat with deleting the user from OnBase is the loss of history associated with the user.  While the history will still be associated with the old user (ie the usernum of the deactivated user), all new actions will be associated with the newly create usernum causing a gap between the two usernums. 

With regards to the SID, if you deleted the user, a new user would be created upon first login.  If you didn't delete the user, then based on the SID they would be able to login since it did not change.  This is only with the Active Directory security method (ie Active Directory in OnBase 12/13 and Active Directory - Enhanced in OnBase 14), not the older method (ie Windows NT Security in OnBase 13 and older and Active Directory - Basic in OnBase 14).  If you verified that the user was able to login post name change with the OnBase Thick Client then the issue is most likely caused by the cache of the user account information on the Application Server.  As Justin mentioned, follow the steps to disable or at least regularly clear the LSALookupCache on the Application Server.

Take care.

0 Kudos

Joe_Pineda
Star Collaborator
Star Collaborator
In response to AdamShaneHyland

‎06-22-2015 10:23 AM

Hi Adam: could you update the links in Justin's post up above? They are broken. Thanks.
0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC