7 Replies Latest reply on Mar 29, 2018 2:00 AM by icarriere

    WHD clients marked as inactive after manual AD sync

    techsupport@gfs.org

      Hi all,

       

      We have been having an issue with Web Help Desk in which our clients are being marked as Inactive despite them having AD accounts which are enabled. Since we are a school, we update AD each year to account for the change in students' enrollment status which may include having their AD accounts disabled, but not deleting them. It used to work for us where the auto-synchronization would manage this on its own. However, we are now hearing that clients are unable to put in tickets due to their WHD accounts being inactive. I am able to manually re-activate their WHD accounts just for the sake of moving them forward with ticket creation, but this means our client records aren't as they should be. Below is what I know and have done so far:

       

      • We do not appear to be having any issues with WHD contacting our LDAP server
      • The settings under Connection Basics and Attribute Mappings appear to be correct (I can post screenshots if this will be helpful)
      • This issue doesn't necessarily seem to affect all of our clients and there is no clear pattern
      • I made a slight correction to the search filter as it previously had some extra spaces inserted, but it did not have any effect
      • Contacted WHD support who remoted in and made some changes which were primarily related to RAM allocation for JVM (this didn't seem to help at all other than with performance)

       

      I took one client and used it as a test to see what would happen when I made various changes. Initially, it was marked as Inactive in WHD which meant I was unable to search for the client by last name, but if I checked Search LDAP, it would show the client record. As a test, I disabled the relevant AD account, performed a manual sync, and I was then unable to search for it even with Search LDAP checked (this is what I expected to see). When I manually activate the client and perform a manual sync (with the AD account enabled), it remains set to Active. This is good, but I have 800+ current clients to verify along with a larger number of clients that should stay inactive (employees that have resigned, students not returning, etc.)

       

      Essentially, I would like for WHD to sync with AD such that accounts which are enabled in AD are marked as Active in WHD and those that are disabled in AD are marked as Inactive in WHD. Any thoughts on where to go next?

       

      Thanks!
      Steve

        • Re: WHD clients marked as inactive after manual AD sync
          justin.gray@weldre4.k12.co.us

          A while back I created a support case with the same issue; when AD accounts are re-enabled, the WHD account remains set to 'inactive'.  This is the response I received from support:

          With regard to the problem you reported, the behavior is by design. Unfortunately, this cannot be changed due to constraints in the Lightweight Directory Access Protocol (LDAP) standard.

           

          So, we must reactivate WHD accounts manually if/when the AD account is re-enabled.

           

          Regarding accounts becoming deactivated, is it possible these accounts exist in or were moved into an OU that is not being sync'd with WHD? IIRC, moving accounts into an OU that is not sync'd via LDAP will make them inactive, as well.

          • Re: WHD clients marked as inactive after manual AD sync
            mfloresd6

            Good afternoon Steve,

             

            We are having the same issues after we updated to the new version of the Help desk we are running ver 12.5.0 we are hosted has anyone found a fix for this issue?

             

             

            Thanks,

            Myra

              • Re: WHD clients marked as inactive after manual AD sync
                icarriere

                Hi Myra,

                 

                Inactive client accounts when using an LDAP connection is not a bug. Instead, this problem is the result of a connection timeout between Web Help Desk and the Directory Service.

                 

                Connection Timeout (Setup > Clients > AD/LDAP Connections > Connection Basics > Advanced)

                 

                Default: 20 seconds

                 

                In a hosted environment, you may consider configuring the LDAP connection to synchronize manually when new employees are added. This step could be added to your new hire process.

                 

                To resolve the immediate problem, use the Advanced Search to find the inactive client accounts.

                 

                Advanced Search (Clients > Advanced Search)

                Clients matching ALL of these conditions:
                Inactive = Yes

                 

                Then use the Bulk Action tool to activate the inactive client accounts.


                Regards,

                 

                Isaiah Carriere

                Web Help Desk Consultant
                Adeptec: SolarWinds Training and Professional Services

                LinkedIN: Adeptec

                ○ Facebook: Adeptec

                ○ Twitter: @Adeptec

                1 of 1 people found this helpful