Home Service Manager

Why are there more Users in SCSM than AD?

Sam_NguyenSam_Nguyen Customer IT Monkey ✭

While creating a notification subscription, the list of available recipients is 9. In SCSM > Users, it shows 9 results as well.

However, in our AD, they don't exist. Only 3 results show for "informatics".


Questions:

  • Why is this? Our AD connector pulls all users/groups into SCSM. Why are there 9 results in SCSM and only 3 in AD, if it pulled from AD?
  • Why are they named differently in SCSM subscriptions vs users?

Thanks

Answers

  • Simon_ZeinhoferSimon_Zeinhofer Customer Ninja IT Monkey ✭✭✭✭
    edited August 2023

    @Sam_Nguyen

    Do you have an exchange connector enabled? if yes, users, who are not in the SCSM DB already, and send an email to your address, which gets monitored by the connector, will be created in the SCSM Database (if the corresponding checkbox is enabled). And if, let's say the email address is test@testdomain.com, the domain for this user inside the SCSM DB will be "testdomain.com" - So when I look at your screenshot, there are 2 domains with .org at the end, that would indicate, that these users have been created by the exchange connector. Or do you have an internal domain with name svh.org or snoqualmiehospital.org ?

    Also be aware that SCSM users, who do not exist in AD anymore, are only deleted if your AD connector account has access to the AD recycle bin.

  • Sam_NguyenSam_Nguyen Customer IT Monkey ✭

    Hi Simon,

    Yes the exchange connector is enabled. Does evidence then point to these Groups/Users being created by emailing our address? As in for example, informaticshelpdesk@snoqualmiehospital.org emailed ITsupport@overlakehospital.org (our exchange email) at some point, which created their account?

    If so, it seems puzzling to me why they did, and how. I'm not even sure if it is a "real" user.

    We do not have an internal domain named svh.org or snoqualmiehospital.org. Snoqualmie is an outside organization who uses our Cireson. Our domain is OHMCNT.

    Also to the last point, how do we find out if our AD connector account has access to the AD recycle bin? And does this mean that, say a user is created in AD, pulled into SCSM by connector, then deleted in AD. Do they stay in SCSM forever although deleted in AD?

  • Simon_ZeinhoferSimon_Zeinhofer Customer Ninja IT Monkey ✭✭✭✭

    @Sam_Nguyen Yes when this informaticshelpdesk@snoqualmiehospital.org writes an email to your helpdesk and there is no user for that mail address, a new user is created in your SCSM DB. So for me it seems that's the case here.

    In our case the AD Connector user does not have access to the recycle bin and we have a custom workflow for these users, with mail to manager, whene a deleted user is the owner of a config item for example. If we dind't have that they would remain in the db forever- except if we deleted the connector, but that should not be done...

  • Sam_NguyenSam_Nguyen Customer IT Monkey ✭

    Interesting... I wonder how many "dead" accounts exist in SCSM then compared to our AD. That might be a scary number, non-existent users and groups taking up SCSM space..

    Do you know if the users/groups above still work? As in, if I create a subscription with the recipient being informaticsgroup@snoqualmiehospital.org, will it trigger and send notifications to that address? even if they don't exist in our AD anymore?

    Let me know if that makes sense.

  • Simon_ZeinhoferSimon_Zeinhofer Customer Ninja IT Monkey ✭✭✭✭
    edited August 2023

    @Sam_Nguyen SCSM uses the notification objects related to a user. So if you hsve one of these "dead" or non existing accounts, notifications are still sent, when a notification object exists on that user. You can also add notification objects to existing users, when you want to e.g. send mails to a secondary address as well

Sign In or Register to comment.