By using this website, you agree to our Terms of Use (click here)
We are consolidating Windows AD Forests and our users are currently on abc\username. The abc users have been copied to the def forest.
Any idea on how to change the users from abc\username to def\username on the system.
I have tried sql scripts that Acumatica recommended for when a name changes ( married divorced types of things...)
I changed the AD path in the web.config file. Ran the script to change the user from abc\ to def\. Verified that they are all def\.
When they log in the changed user account gets a username of Deleted_from_AD_def\username and a new def\username is built. All the roles are dropped and we would have to rebuild them.
We have a lot of users and would hate to have to rebuild them all.
Thanks for any help ahead of time.
I have had my VAR talking with Acumatica and they recommended updating the ExtRef field on the User table with the SID of the new Windows AD tree.
My preliminary tests look good. After converting several accounts, they seem to retain their roles and access.
So it was a change of username from old\username to new\username and ExtRef to the SID from the new Windows AD domain from the new\username account.
Thanks for posting the solution.
Just curious, is this local/hosted Active Directory or Azure Active Directory? And are you only using it for SSO or also for synching User Security Roles?
These locally hosted directories.
I am trying to move to ADFS for login, but I needed to move to the standardized server farm first. That forced the new AD Tree.
Right now, we are only synching one role to the Windows AD group. If we go to ADFS, we will have over a thousand for each of our residences.