Is there any way to filter an AD group for Synchronization? RRS feed

  • Question

  • Project Server 2010 , the AD synchronization fails every week because of users who have left the organization.

    Is there any way to filter the AD group so that only active users are picked up into the application?

    Thanks in advance.

    Tuesday, April 29, 2014 2:27 PM

All replies

  • Hi EPM Quest,

    Exclude these users accounts from security groups where they belong.

    It is not necessary to do this usually because an ex-employee account makes the Project Server account inactive.

    Maybe you can share the error message with us to make a more detailed analysis of your issue.

    Best regards, Ricardo Segawa - Segawas Projetos / Microsoft Partner

    Tuesday, April 29, 2014 3:35 PM
  • Thanks Ricardo.

    The problem is that if a user leaves, his id is usually reused.

    Eg. John Smith leaves the organization, his ID JSmith is reused.

    But the original record is in the AD group, so it fails to recognize the new user say Jack Smith.

    The error seen in the logs is typically:

    " A resource could not be updated during Project Server Active Directory Synchronization because a duplicate windows account name conflict occured that could not be resolved. Resource GUID: d2077b6c97992-57d5-4d87-9ba9-c6ae273. Resource Name XYZ"


    "the supplied windows account name is invalid."
    Wednesday, April 30, 2014 10:19 AM
  • I can't think of any configuration that would allow you to do so, with out of box AD Sync, Not an expert on the AD side, just in case if there are any rules that could be built to remove those users from the group to avoid sync, but that would lead to another problem where if same username is used again for project server could be handled manually by reactivating the user or something like that(bear with me just thinking loud)

    Alternate would be to have a custom solution that would perform the AD sync functionality along with your own custom built logic in order to avoid errors, starting point would be to look at similar kind of utility available on codeplex, which was for 2007 version but could be easily updated for any other version

    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    Wednesday, April 30, 2014 1:55 PM