eADM
eADM
Breadcrumbs

How to Handle Duplicate Users in Active Directory

When a user has more than one account in Active Directory, these duplicates must be merged to ensure correct synchronization and access. This guide provides two methods for resolving duplicate user accounts: a manual process and an automated command-line solution.


Manual Resolution

This method involves manually editing user attributes in Active Directory and then restoring the connection in the eADM portal.


  1. Identify the duplicate user account you want to remove and the primary account you want to keep.


  1. On the duplicate account (the one you will delete), clear the values from the following Active Directory attributes:

    • employeeID (which typically stores the employee number)

    • employeeNumber (which may store the national identity number or another identifier)


  1. On the primary account (the one you will keep), ensure the employeeID attribute contains the correct employee number.


  1. Delete the duplicate user account from Active Directory.


  2. In the eADM portal, navigate to the user's profile and restore the link to the primary AD account. Go to: User -> User Anchors and click Restore User.


Automated Resolution using eAdm.client.exe

The local eADM client includes a tool that can automate the process of merging duplicate accounts.


Command Syntax

You can run the command from the eADM installation directory. The syntax is as follows:

c:\eadm\eadm.client.exe duplicate [orgnr] [username_to_keep] [username_to_delete]

  • [orgnr]: The official Norwegian organization number for your entity.

  • [username_to_keep]: The sAMAccountName of the user account you want to keep.

  • [username_to_delete]: The sAMAccountName of the duplicate user account that will be deleted.


Prerequisites

For the command to execute successfully, two conditions must be met:

  • Matching Employee ID: Both user accounts must have the exact same value in the employeeID attribute.

  • Correct OU Path: The user account you want to keep must be located in the Active Directory OU specified in the eAdm.Client.exe.config file, under the key MergePath_[orgnr].


Example Scenario

A municipality has two accounts for the same user:

  • Old account to keep: karnes1

  • New duplicate account to delete: karnes2

  • Organization number: NO964979812


Command 

eAdm.Client.exe duplicate NO964979812 karnes1 karnes2


Command Outcome

When the command is executed, the following actions occur:


  1. The user account karnes2 is deleted from Active Directory.


  1. The user account

    karnes1 is linked to the corresponding user in eADM.


  2. The karnes1 account is updated in Active Directory with all attributes and group memberships defined in the organization's AD configuration.