文档章节

Changes of user relationship in AD can't be correctly synchronized to SCSM

o
 osc_y8yehimr
发布于 2019/03/21 21:50
字数 740
阅读 17
收藏 0

精选30+云产品,助力企业轻松上云!>>>

The relationship of users might be not correctly updated if related users were once re-named in AD or have duplicate records in DB.

Cause 1 - Known Issue: a renamed user in AD will be treated as a new object in SCSM

Symptom

There are multiple records for the same user in BaseManagedEntity.

Analysis

There is a blog talking about this kind of behavior: https://blogs.technet.microsoft.com/manageabilityguys/2013/06/17/managing-username-changes-in-service-manager/

I did a test in my lab environment (SCSM 2012 R2). After I rename a user in AD and run AD connector, there will be two objects co-existing in the table [dbo].[ManagedEntity] for the user, and two relationships in the table [dbo].[Relationship].

For example, after I change my user name from "wendi" to "wendii", then to "wendie", there are 3 user objects and 3 relationships in the DB.

Relationship:

BaseManagedEntity:

Then I manually deleted "wendi" from DB, and changed the manager from "weiwen" to "Administrator" in AD. The relationship got updated for the newest object "wendie", but not for the old object "wendii". That resulted in two managers for the user "wendii"/"wendie", which is actually the same user in AD.

Resolution

Firstly remove the duplicated users from [dbo].[ManagedEntity].

  1. If you don’t want to lose the relationships associated with the old object, please use the script in the blog to move all relationships from old object to new object.

    Note: In the script there is a path pointing to SCSM PowerShell Module. You may need to alter it manually based on the real location.

  2. Remove the duplicate user object:

$oldADUser = "wendi"
Get-SCClassInstance -Class (Get-SCClass -Name "System.Domain.User") -Filter "UserName -eq $oldADUser | Remove-SCClassInstance

After confirming there is no duplicate user objects, please change the manager relationship in AD, then check if the relationship can be updated correctly by AD connector.

Cause 2 - Duplicate AD connector introduces duplicate user records

If there is only 1 record in BaseManagedEntity, but multiple records in [LFXSTG].[AD_User], it is probably from duplicate AD connectors.

We can check the data sources of the records in [LFXSTG].[AD_User]:

This query can give you information about all data sources (connectors):

Select * from LFX.Datasource

A sample output:

DataSourceId DataSourceName DataSourceAddress DisplayName
2 ADConnector.af492f92b2d04b4092d2f0c6108a4aff LDAP://DC=contoso,DC=com CONTOSO AD Connector
11 ADConnector.762fe647adc14c2daba1191291e6b37f LDAP://OU=AdminUsers,OU=Users,DC=contoso,DC=com CONTOSO AD Connector - Users
12 ADConnector.b93d4f78d799462280e841e228f5f921 LDAP://DC=contoso,DC=com CONTOSO AD Connector - Printers
13 ADConnector.d49f58ebf7b84c509c3426cde55c7cd5 LDAP://DC=contoso,DC=com CONTOSO AD Connector - Computers
14 ADConnector.e56e3f09b5614c5ea554e3d0c06c7da4 LDAP://DC=contoso,DC=com CONTOSO AD Connector - Groups
15 ADConnector.747d1f1f252f46a59634378686a32dbe LDAP://OU=SCSM,OU=Groups,DC=contoso,DC=com CONTOSO AD Connector - SCSM Groups

Resolution

Disable all duplicate connectors. After that, all users modified in the future could be correctly updated.

For those users which are already affected by the issue, we can follow below steps to process them.

  • Run this query in ServiceManager to get the users who have duplicate relationships with relationship isDeleted = 0, as well as the connectors that brought the relationships. (This query focuses on "manager" relationship)
Select distinct
u.DisplayName 'User Display Name',
u.UserName_6AF77E23_669B_123F_B392_323C17097BBD 'User', 
Manager.UserName_6AF77E23_669B_123F_B392_323C17097BBD 'Manager', 
r.RelationshipId, 
r.IsDeleted 'Is Relationship Deleted',
C.DisplayName 'Connector',
BME.IsDeleted 'Is Connector Deleted',
R.LastModified
from Relationship R
left join RelationshipType RT on R.RelationshipTypeId = RT.RelationshipTypeId
left join MT_System$Domain$User Manager on manager.BaseManagedEntityId = R.SourceEntityId
left join MT_System$Domain$User U on u.BaseManagedEntityId = r.TargetEntityId
inner join DiscoverySourceToRelationship DSTR on R.RelationshipId = DSTR.RelationshipId
Left join DiscoverySource DS on DS.DiscoverySourceId = DSTR.DiscoverySourceId
left join MT_Connector C on convert(nvarchar(256),DS.ConnectorId) = C.Id
Left join BaseManagedEntity BME on C.BaseManagedEntityId = BME.BaseManagedEntityId
where RelationshipTypeName like '%System.UserManagesUser%' and u.BaseManagedEntityId in
(
Select 
u.BaseManagedEntityId
from Relationship R
left join RelationshipType RT on R.RelationshipTypeId = RT.RelationshipTypeId
left join MT_System$Domain$User Manager on manager.BaseManagedEntityId = R.SourceEntityId
left join MT_System$Domain$User U on u.BaseManagedEntityId = r.TargetEntityId
where RelationshipTypeName like '%System.UserManagesUser%' and r.IsDeleted = 0
group by U.UserName_6AF77E23_669B_123F_B392_323C17097BBD, u.BaseManagedEntityId
Having count(u.UserName_6AF77E23_669B_123F_B392_323C17097BBD) > 1)
order by U.UserName_6AF77E23_669B_123F_B392_323C17097BBD
  • Use below steps to automate the removal of un-needed relationships whilst keeping the most current one.
    1. Copy the query result with headers and save as a .csv file.
    2. Remove the needed relationships from the .csv file.
    3. Use below PowerShell commands to remove the un-needed relationships.
# You may change the file path.
$listcsv = Import-Csv C:\Files\UnneededRelationships.csv

foreach($list in $listcsv)
{
    Get-screlationshipinstance -id $listcsv.RelationshipId | remove-screlationshipinstance
}
o
粉丝 0
博文 500
码字总数 0
作品 0
私信 提问
加载中
请先登录后再评论。

暂无文章

物联网开发服务开发虚拟设备需要几步?

云栖号快速入门:【点击查看更多云产品快速入门】 不知道怎么入门?这里分分钟解决新手入门等基础问题,可快速完成产品配置操作! 物联网平台设备的正常开发流程是:设备端开发完成,设备上报...

osc_2axit9df
54分钟前
18
0
互联网互联网必看文章墙裂推荐

后端必看文章系列 大型项目架构演进过程及思考的点

code-ortaerc
55分钟前
20
0
ACL2020论文整理 - 知乎

ACL2020录取文章已经放出,链接如下: ACL2020论文集合 www.aclweb.org 为了以后更加方便地阅读论文,也本着一颗开源之心,花一个下午的时间整理了一下相关论文。鉴于本人精力有限,并且也只...

osc_5w65ebjo
56分钟前
10
0
SU(N) Hubbard 模型平均场

osc_31d5oo2i
58分钟前
18
0
Python语言及其应用PDF高清完整版百度云盘免费下载|python基础教程PDF电子书推荐

编辑推荐 本书内容易于理解,而且读起来生动有趣,是编程和Python初学者不可多得的教程。书中首先介绍了Python的基础知识,然后逐渐深入多种主题,结合教程和攻略式风格来讲解Python 3中的概...

osc_nbg2lo7i
58分钟前
17
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部