Hi all,
I used this code
IF WinLogin.FINDSET(TRUE,FALSE) THEN BEGIN
  REPEAT
    // ID is a FlowField resolved from SID; for an account that no longer
    // resolves in Active Directory it shows the SID string itself
    WinLogin.CALCFIELDS(ID);
    IF WinLogin.SID = WinLogin.ID THEN
      WinLogin.DELETE(TRUE);
  UNTIL WinLogin.NEXT = 0;
END;
to periodically delete all users from the Windows Login table that had been deleted in Active Directory. If they are deleted, their record in Windows Login changes the ID from domain\username to the SID.
It worked fine during tests. But when rolled out to our databases, in some cases users were deleted that were still valid Active Directory users. And as long as the code ran, those users would be deleted, no matter how often they had been put back in the Windows Login table. Other users were not affected at all.
I had the suspicion that only those users were affected who had been deleted (not deactivated) from AD when they left the company and were created again with the same username (but a different SID) when they joined us again later, but I couldn't reproduce that.
What makes it even weirder is that the same user was deleted from some, but not all, databases although the delete job ran everywhere. There seems to be no pattern.
Can someone make sense of this?
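One way to see what the loop above would remove before letting it delete anything is to resolve each stored SID outside NAV and compare the outcome with the SID = ID condition. The following is an added example in PowerShell, not the original poster's code and not a NAV API; it assumes the Windows Login table has been exported to a CSV with columns SID and ID (the file names are hypothetical) and that the script runs on a domain-joined machine, where .NET's SecurityIdentifier.Translate can ask the domain for the account name.

```powershell
# Added example, not the original poster's code. Assumes a CSV export of the
# Windows Login table (hypothetical file name) with columns SID and ID.

function Test-WindowsLoginSid {
    param(
        [Parameter(Mandatory)][string]$Sid,
        [string]$StoredId
    )

    $result = [ordered]@{
        SID         = $Sid
        StoredID    = $StoredId
        # Same condition the posted C/AL loop deletes on (ID shows the SID)
        WouldDelete = ($StoredId -eq $Sid)
        ResolvesTo  = $null
        Status      = $null
    }

    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # Ask the domain to map the SID back to DOMAIN\user
        $result.ResolvesTo = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        $result.Status = 'resolves'
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # The SID could not be mapped to an account at the time of the check
        $result.Status = 'not mapped'
    } catch {
        # Malformed SID or any other lookup failure: report it, do not act on it
        $result.Status = "error: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

$rows   = Import-Csv -Path '.\WindowsLogin.csv'   # hypothetical export
$report = foreach ($row in $rows) {
    Test-WindowsLoginSid -Sid $row.SID -StoredId $row.ID
}

# Rows the posted loop would delete although the SID still resolves right now
$report | Where-Object { $_.WouldDelete -and $_.Status -eq 'resolves' } | Format-Table -AutoSize

# Keep the full result so runs against different databases can be compared
$report | Export-Csv -Path '.\WindowsLogin-check.csv' -NoTypeInformation
```

A SID that does not translate at the moment of the check only shows that the account did not resolve then, not that it has been deleted from AD, so the script reports and keeps the per-row status instead of deleting; running it against the export from each database gives something concrete to compare when the same user is removed in one database but not another.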