Active Directory Synchronization and Deleting Users

bclayton1896 · ‎03-10-19

We ran into an issue where we had a user who previously developed Digital Workers for us had left our group. The user was part of an Active Directory (AD) group.

The user came back and many teams looked into why this user could not be added back into Blue Prism (although they remained in the group) after synchronization.

TL;DR version - The users table in our Blue Prism database still contained an entry for this user with a status of "Deleted".

We fixed the issue, although I am not inclined to discuss how as I think it best to stay out of the BP database as a general rule. This is more of a heads-up, in the event that you are experiencing a similar issue. Open a support ticket with Blue Prism if you are having a similar AD synchronization anomaly.

------------------------------
Brian Clayton
Lead Developer - C#/Blue Prism RPA
The Auto Club Group
America/Detroit
------------------------------

SteveWaters · ‎08-10-19

It maintains the User ID for auditing purposes. Let me clarify did you delete the account from AD and recreate it? I'm sure BP is using the actual user name.

In AD if you delete a user and recreate them it's still a different account (SID/RID) is unique. I'm pretty sure BP uses the User Name as the Primary Key which explains the issue and yes, thank you for not sharing the SQL query to edit the user account. This should be added to our use cases to address.

------------------------------
Steve Waters
Platform Consultant
Blue Prism Professional Services
America/Chicago
------------------------------

JOSESABIO · ‎09-01-23

Hi Steve,

Actually not, it seems that BP is using SID as primary key.

------------------------------
JOSE SABIO
------------------------------

SS&C Blue Prism Community

Active Directory Synchronization and Deleting Users