We have been having an issue with Web Help Desk in which our clients are being marked as Inactive despite them having AD accounts which are enabled. Since we are a school, we update AD each year to account for the change in students' enrollment status which may include having their AD accounts disabled, but not deleting them. It used to work for us where the auto-synchronization would manage this on its own. However, we are now hearing that clients are unable to put in tickets due to their WHD accounts being inactive. I am able to manually re-activate their WHD accounts just for the sake of moving them forward with ticket creation, but this means our client records aren't as they should be. Below is what I know and have done so far:
I took one client and used it as a test to see what would happen when I made various changes. Initially, it was marked as Inactive in WHD which meant I was unable to search for the client by last name, but if I checked Search LDAP, it would show the client record. As a test, I disabled the relevant AD account, performed a manual sync, and I was then unable to search for it even with Search LDAP checked (this is what I expected to see). When I manually activate the client and perform a manual sync (with the AD account enabled), it remains set to Active. This is good, but I have 800+ current clients to verify along with a larger number of clients that should stay inactive (employees that have resigned, students not returning, etc.)
Essentially, I would like for WHD to sync with AD such that accounts which are enabled in AD are marked as Active in WHD and those that are disabled in AD are marked as Inactive in WHD. Any thoughts on where to go next?
Good afternoon Steve,
We are having the same issues after we updated to the new version of the Help desk we are running ver 12.5.0 we are hosted has anyone found a fix for this issue?
Inactive client accounts when using an LDAP connection is not a bug. Instead, this problem is the result of a connection timeout between Web Help Desk and the Directory Service.
Connection Timeout (Setup > Clients > AD/LDAP Connections > Connection Basics > Advanced)
Default: 20 seconds
In a hosted environment, you may consider configuring the LDAP connection to synchronize manually when new employees are added. This step could be added to your new hire process.
To resolve the immediate problem, use the Advanced Search to find the inactive client accounts.
Advanced Search (Clients > Advanced Search)
Clients matching ALL of these conditions:
Inactive = Yes
Then use the Bulk Action tool to activate the inactive client accounts.
Web Help Desk Consultant
Adeptec: SolarWinds Training and Professional Services
○ LinkedIN: Adeptec
○ Facebook: Adeptec
○ Twitter: @Adeptec
A while back I created a support case with the same issue; when AD accounts are re-enabled, the WHD account remains set to 'inactive'. This is the response I received from support:
With regard to the problem you reported, the behavior is by design. Unfortunately, this cannot be changed due to constraints in the Lightweight Directory Access Protocol (LDAP) standard.
So, we must reactivate WHD accounts manually if/when the AD account is re-enabled.
Regarding accounts becoming deactivated, is it possible these accounts exist in or were moved into an OU that is not being sync'd with WHD? IIRC, moving accounts into an OU that is not sync'd via LDAP will make them inactive, as well.
I'm not sure what the constraints are. If user is in sync and currently inactive reactivate.
We ran into an issue where all 15,000+ users were marked inactive. We thought we were going to have to manually activate them all 100 at a time. It turns out you can just ran a simple SQL command on the WHD clients table that updates the inactive field for each user from 1 to 0. Now all users are active again. We re-ran the sync and all was good.
Or you could have selected all clients on all pages of 100 by selecting with a SHIFT click and the Tick goes green rather than blue, useful on Ticket list as well!
Well sure.. we could have done it that way too... In all seriousness, I had no idea we could do that... The only things we found on this topic basically said there was nothing you could do. The SQL command was easy enough, but thanks for sharing this.
I really appreciate the response as this is the clarification I needed. I actually was not certain that it ever functioned in a way such that it would toggle active/inactive for WHD client objects based on the active status for an AD account. It seems as though I should have mentioned this! Our previous sysadmin had set this up which is why we were in the dark. I'm OK with manually re-activating the accounts in WHD as I can likely do this as a batch process and it only needs to be done once a year.
As for your question, the DN is set for OU All Users (see below) which is where all of our users are contained so there's really no chance of AD users being moved to an OU elsewhere.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.