5 Replies Latest reply on Sep 9, 2016 1:05 PM by scylr

    Small subset of clients seem to randomly become inactive.

    kntrotman

      I have about 4 or 5 users out of about 200 in my company that seem to get marked as inactive every day.

       

      We're syncing via LDAP, and from what I can tell, these users don't even seem to be attempting to access Help Desk most of the time.

       

      It seems to be consistently the same users each time, and they won't be locked out in AD, but WHD will have them marked as inactive.

       

      We've been able to get by with manually reactivating them, but it's incredibly frustrating for them and us since they have to call us to be unlocked just so they can submit a help desk ticket.

       

      Is anyone else experiencing this issue? Any advice would be greatly appreciated.

        • Re: Small subset of clients seem to randomly become inactive.
          kellytice

          Hmm.. the only thing i can think of offhand is if the LDAP sync is seeing them as not active in AD and so it is taking action as defined at the bottom of the LDAP setting page:

           

          When LDAP Records Are Removed

           

          Delete ClientDeactivate ClientNo Action

           

           

          Is there anything common about the accounts that are getting disabled - like they are all in an isolated OU in the domain or all are in a certain Location or something like that?

          Now, of course if they are valid AD users AND they are still in the same container that the LDAP record is pointing to then i'm not sure what might be happening here and a support ticket may be warranted.

          • Re: Small subset of clients seem to randomly become inactive.
            edwelly

            I think I remember something like this happening to us and the fix we put in place was on the AD/LDAP options panel, I choose NO for Sync With Existing WHD Clients Only

            I could be mistaken though...

             

            Hope this helps - Erik

            • Re: Small subset of clients seem to randomly become inactive.
              kntrotman

              As far as we've been able to tell, these users aren't in some weird secluded OU. They're all in a very large OU that makes up the bulk of our regular users.

               

              Currently, we have it set so that when LDAP records are removed, it deactivates the account, but wouldn't that mean if the user was removed entirely and not just marked as locked out in AD?

               

              As for Edwelly's suggestion, this potential fix is not really feasible within our environment since we want their WHD account password to sync up with their current AD password.

              Edit: Misread Edwelly's suggestion. We already have our users set up in this way.

              • Re: Small subset of clients seem to randomly become inactive.
                michellem812

                We have this too. Of our 2600 active LDAP/AD staff accounts (clients) maybe 4-5 will randomly show (I), but if I manually run another sync during the day, it switches them back to active. I haven't investigated too much on this since it seems pretty random and the next sync at 1am nightly usually resolves it for them.

                • Re: Small subset of clients seem to randomly become inactive.
                  scylr

                  You can try the following:

                   

                  1. Re-create your LDAP connection (delete the existing and create a new one)

                   

                  2. If the issue is consistent on particular user, you can login to the webhelpdesk database and run the following query:

                   

                  Update client set inactive='0' where user_name=

                   

                  The workaround will prevent the users from deactivating everytime the scheduled ldap sync would run