• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 24 subscribers
  • Views 1065 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Small subset of clients seem to randomly become inactive.

kntrotman

I have about 4 or 5 users out of about 200 in my company that seem to get marked as inactive every day.

We're syncing via LDAP, and from what I can tell, these users don't even seem to be attempting to access Help Desk most of the time.

It seems to be consistently the same users each time, and they won't be locked out in AD, but WHD will have them marked as inactive.

We've been able to get by with manually reactivating them, but it's incredibly frustrating for them and us since they have to call us to be unlocked just so they can submit a help desk ticket.

Is anyone else experiencing this issue? Any advice would be greatly appreciated.

  • 0

    Hmm.. the only thing i can think of offhand is if the LDAP sync is seeing them as not active in AD and so it is taking action as defined at the bottom of the LDAP setting page:

    When LDAP Records Are Removed

    Delete ClientDeactivate ClientNo Action

    Is there anything common about the accounts that are getting disabled - like they are all in an isolated OU in the domain or all are in a certain Location or something like that?

    Now, of course if they are valid AD users AND they are still in the same container that the LDAP record is pointing to then i'm not sure what might be happening here and a support ticket may be warranted.

  • 0

    I think I remember something like this happening to us and the fix we put in place was on the AD/LDAP options panel, I choose NO for Sync With Existing WHD Clients Only

    I could be mistaken though...

    Hope this helps - Erik

  • 0

    As far as we've been able to tell, these users aren't in some weird secluded OU. They're all in a very large OU that makes up the bulk of our regular users.

    Currently, we have it set so that when LDAP records are removed, it deactivates the account, but wouldn't that mean if the user was removed entirely and not just marked as locked out in AD?

    As for Edwelly's suggestion, this potential fix is not really feasible within our environment since we want their WHD account password to sync up with their current AD password.

    Edit: Misread Edwelly's suggestion. We already have our users set up in this way.

  • 0

    We have this too. Of our 2600 active LDAP/AD staff accounts (clients) maybe 4-5 will randomly show (I), but if I manually run another sync during the day, it switches them back to active. I haven't investigated too much on this since it seems pretty random and the next sync at 1am nightly usually resolves it for them.

  • 0

    You can try the following:

    1. Re-create your LDAP connection (delete the existing and create a new one)

    2. If the issue is consistent on particular user, you can login to the webhelpdesk database and run the following query:

    Update client set inactive='0' where user_name=

    The workaround will prevent the users from deactivating everytime the scheduled ldap sync would run

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.