locked
PS 2010 AD Synchronisation RRS feed

  • Question

  • I haven't worked much with AD Synch in 2007 but am investigating it in 2010

    I created an AD group which I associated with EPM group.

    Ran synchronisation and user was added to EPM and to the correct epm group

    I went back to AD, removed user from group and also disabled his account

    I re-ran ADsynch and user was removed from epm group but his user account was still flagged as Active.

    I had hoped it would have changed to Inactive.

    Is this by design or a bug?

    Thx

    Mike

     

     

    Thursday, October 14, 2010 10:49 AM

Answers

  • All

    After reading up on 2007 processes this behaviour is by design (AD synch of Security Groups).

    The only time a user can be made inactive is by using AD synch with the resource pool.

    Unfortunately in my scenario most of my users are not resources, and so I suppose I will have to make them inactive manually.

    rgds

    Mike

     

    • Marked as answer by Sleekstone Thursday, October 14, 2010 12:09 PM
    Thursday, October 14, 2010 12:08 PM

All replies

  • All

    After reading up on 2007 processes this behaviour is by design (AD synch of Security Groups).

    The only time a user can be made inactive is by using AD synch with the resource pool.

    Unfortunately in my scenario most of my users are not resources, and so I suppose I will have to make them inactive manually.

    rgds

    Mike

     

    • Marked as answer by Sleekstone Thursday, October 14, 2010 12:09 PM
    Thursday, October 14, 2010 12:08 PM
  • Active/Inactive only applies to the Resource Pool sync - not the Security
    Group sync.
     
    I don't recall 2007 being any different....
     
    Andrew Lavinsky [MVP]
    Twitter: @alavinsky
     
     

    Andrew Lavinsky [MVP] Twitter: @alavinsky Blog: http://blogs.catapultsystems.com/epm
    Thursday, October 14, 2010 12:11 PM
  • But if you remove them from the group, they won't have login rights....
     
    Andrew Lavinsky [MVP]
    Twitter: @alavinsky
     
     

    Andrew Lavinsky [MVP] Twitter: @alavinsky Blog: http://blogs.catapultsystems.com/epm
    Thursday, October 14, 2010 1:07 PM
  • Hi Andrew

    So if I do a resource synch, followed by a team member group synch I remove login rights for anyone not a member of the tm ad group. I am sure my IT department will be amazed by this fiendish approach.

    rgds

    Mike

     

     

     

    Tuesday, October 19, 2010 6:18 AM
  • HI All

    Describe a scene first

    System Check resource status in Project Server 2010 Resource Lib When the resouce user his's account to load Project Server 2010,if its active then Check in AD ,Otherwise, do not allow login

    if active in Resource Lib(in Project Server 2010)  then Check in AD

    {

    if active in AD then login

    esle not allow login

    }

    else not allow login

    I hope U understand my mind,My Mother tongue is not English!


    I sale myself ONLY half CNY!
    Tuesday, October 19, 2010 7:19 AM