KACE Product Support Question

How to stop KACE from creating duplicate users from AD sync when name changes

03/12/2018 1437 views
We have had a few staff members get married and need their name changed. We make the edits in AD and I believed that KACE would update accordingly. Instead, it just creates a new user with the new last name. How can KACE be set up to update the existing user instead of making a new one?

0 Comments   [ + ] Show comments


All Answers

This content is currently hidden from public view.
Reason: Removed by member request For more information, visit our FAQ's.
This content is currently hidden from public view.
Reason: Removed by member request For more information, visit our FAQ's.
Kace uses a database for users.

Each entry will have attributes such as Name, last name, email, samaacountname, telephone etc. 

One of those attributes needs to be the Primary Key, that means the unique value, this is a string that is unique to a person, let's say ID or sometimes email is a good Primary Key. 

The kbox does not sync with AD FYI, the kbox will just import new users and update values. 

So depending who you guys configured your Ldap imports... The kbox will update or create new entries based on the primary key. 

If email is your Primary Key and your email changes because you are now married.... The Kbox will say you are a new user. 

The Primary Key, when picking an attribute you gotta be careful, make sure is indeed unique and will not change. 
Answered 03/13/2018 by: Channeler
Red Belt

  • I cannot find where to set a primary key in the LDAP settings in KACE. Where is that?
    • Cheking the attributes mapping from your current LDAP import schedule (the one with the bell In LDAP authentication). You might have more than one depending on scope and roles

      Anyway, there, step 2 o 3, is "Define mapping between User attributes and LDAP attributes"

      Post a picture of your current mapping.
      • I put the picture in the origianl question as I have not figured out how to post an image as a reply or comment.
    • OK i see your screenshot... so...

      Why is it Primary Email mapped to the attribute "userprincipalname" ?

      Primary Email is part of the Primary key, this explains why you are creating new users instead of updating existing ones, every-time a user import from LDAP happens.

      Primary email should be mapped to the AD attribute named "mail"

      • To be honest, this was set up prior to my hire and I have not reviewed it before now. I will review this and see what is the best course of action. My concern now is that changing it will cause everyone to be duplicated. Meaning there would be a lot of cleanup if I have to go in and change tickets, inventory, and devices.
        I was not able to view the image that your linked in the post above.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ