Home Service Manager
Options

SCSM Users management

Sam_NguyenSam_Nguyen Customer IT Monkey ✭
in Service Manager

1. I noticed that disabled users from AD still exist in the SCSM config users list, thus they are still searchable from the portal. Is there a connector setting or way to "delete" terminated users in the CMBD?

 

We have a big AD connector that pulls all users in, but I suppose it doesn't "read" termed users and delete them from the CMDB.

 

2. If I manually create a user in SCSM config, is that ok? Will the AD connector be affected in any way? (in other words users can be created via AD pull or manually?)

Answers

  • Options
    Geoff_RossGeoff_Ross Cireson Consultant O.G.

    Hi @Sam_Nguyen

    1. Its a bit tricky. Technically if you create another AD connector and target the "AD Recycle Bin" and get the permissions right, then it will read that they have deleted and delete them from SCSM. There's no OOB way to do this based on disabling a user though.

    I suggest a runbook / script etc that manages this.

    2. Again, you need to be very careful here. SCSM has a complicated concept of users and a "user" you create in the console under Users → Create User is not the same "user" as the AD creates. The "incorrect" type of user will not be visible to the Cireson Portal so they will not be able to log in AND it will then "block" the AD connector from creating the "correct" type of user.

    Sorry for all the "quotes". I'm trying to keep it simple and accurate but SCSM does not make it simple. There's a lot of depth here with classes and inheritance you would need to read up on to fully understand if you want to.

  • Options
    Sam_NguyenSam_Nguyen Customer IT Monkey ✭

    Thanks @Geoff_Ross

    If I may clarify #2… this only happens when there's a "duplicate" user being pulled from AD and also manually created?

    and if I'm trekking the right path, it would be no problem creating a user in the console as long as there's no AD record for that user?

    Here's context to my question if it helps. I want an external user to be able to send emails through our OOB exchange connector that creates a ticket. I have the box checked to not process any emails from users outside our CMBD. Hence, I want to create their user in CMBD with their email address.

  • Options
    Geoff_RossGeoff_Ross Cireson Consultant O.G.

    Hi Sam,

    You still need to think that fully through. A manually created user would allow the Exchange Mailbox to process the email even with that box checked. BUT, they would not appear in Portal User pickers to select from. If you need that too, you will need to create your users via PowerShell to get the right class.

    Geoff

Sign In or Register to comment.