5 Replies Latest reply on Feb 10, 2017 3:09 PM by colesy

    WHD clients marked as inactive after manual AD sync

    techsupport@gfs.org

      Hi all,

       

      We have been having an issue with Web Help Desk in which our clients are being marked as Inactive despite them having AD accounts which are enabled. Since we are a school, we update AD each year to account for the change in students' enrollment status which may include having their AD accounts disabled, but not deleting them. It used to work for us where the auto-synchronization would manage this on its own. However, we are now hearing that clients are unable to put in tickets due to their WHD accounts being inactive. I am able to manually re-activate their WHD accounts just for the sake of moving them forward with ticket creation, but this means our client records aren't as they should be. Below is what I know and have done so far:

       

      • We do not appear to be having any issues with WHD contacting our LDAP server
      • The settings under Connection Basics and Attribute Mappings appear to be correct (I can post screenshots if this will be helpful)
      • This issue doesn't necessarily seem to affect all of our clients and there is no clear pattern
      • I made a slight correction to the search filter as it previously had some extra spaces inserted, but it did not have any effect
      • Contacted WHD support who remoted in and made some changes which were primarily related to RAM allocation for JVM (this didn't seem to help at all other than with performance)

       

      I took one client and used it as a test to see what would happen when I made various changes. Initially, it was marked as Inactive in WHD which meant I was unable to search for the client by last name, but if I checked Search LDAP, it would show the client record. As a test, I disabled the relevant AD account, performed a manual sync, and I was then unable to search for it even with Search LDAP checked (this is what I expected to see). When I manually activate the client and perform a manual sync (with the AD account enabled), it remains set to Active. This is good, but I have 800+ current clients to verify along with a larger number of clients that should stay inactive (employees that have resigned, students not returning, etc.)

       

      Essentially, I would like for WHD to sync with AD such that accounts which are enabled in AD are marked as Active in WHD and those that are disabled in AD are marked as Inactive in WHD. Any thoughts on where to go next?

       

      Thanks!
      Steve

        • Re: WHD clients marked as inactive after manual AD sync
          justin.gray@weldre4.k12.co.us

          A while back I created a support case with the same issue; when AD accounts are re-enabled, the WHD account remains set to 'inactive'.  This is the response I received from support:

          With regard to the problem you reported, the behavior is by design. Unfortunately, this cannot be changed due to constraints in the Lightweight Directory Access Protocol (LDAP) standard.

           

          So, we must reactivate WHD accounts manually if/when the AD account is re-enabled.

           

          Regarding accounts becoming deactivated, is it possible these accounts exist in or were moved into an OU that is not being sync'd with WHD? IIRC, moving accounts into an OU that is not sync'd via LDAP will make them inactive, as well.

            • Re: WHD clients marked as inactive after manual AD sync
              techsupport@gfs.org

              Hi Justin,

               

              I really appreciate the response as this is the clarification I needed. I actually was not certain that it ever functioned in a way such that it would toggle active/inactive for WHD client objects based on the active status for an AD account. It seems as though I should have mentioned this! Our previous sysadmin had set this up which is why we were in the dark. I'm OK with manually re-activating the accounts in WHD as I can likely do this as a batch process and it only needs to be done once a year.

               

              As for your question, the DN is set for OU All Users (see below) which is where all of our users are contained so there's really no chance of AD users being moved to an OU elsewhere.

               

              Thanks again!
              Steve

              • Re: WHD clients marked as inactive after manual AD sync
                colesy

                I'm not sure what the constraints are.  If user is in sync and currently inactive reactivate.

                 

                We ran into an issue where all 15,000+ users were marked inactive. We thought we were going to have to manually activate them all 100 at a time. It turns out you can just ran a simple SQL command on the WHD clients table that updates the inactive field for each user from 1 to 0. Now all users are active again. We re-ran the sync and all was good.