eADM

How to Handle Duplicate Users in Active Directory

When a user has more than one account in Active Directory, these duplicate accounts must be merged to ensure proper synchronization and access. This guide provides two methods for resolving duplicate user accounts: a manual process and an automated command-line solution.



Manual Resolution

This method involves manually editing user attributes in Active Directory and then restoring the connection in eADM.


  1. Identify the duplicate user account you want to delete and the primary account you want to keep.

  2. On the duplicate account (the one you will delete), clear the values from the following Active Directory attributes:

    • employeeID (which typically stores the employee ID)

    • employeeNumber (which may contain the national identification number or another identifier)

  3. On the primary account (the one you will keep), make sure the employeeID attribute contains the correct employee number.

  4. Delete the duplicate user account from Active Directory.

  5. In eADM, navigate to the user's profile and restore the link to the primary AD account. Go to: User -> User Anchors and click Restore User.



Automated Resolution Using eAdm.client.exe

The local eADM includes a tool that can automate the process of merging duplicate accounts.


Command Syntax

You can run the command from the eADM directory. The syntax is as follows:

c:\eadm\eadm.client.exe duplicate [orgnr] [username_to_keep] [username_to_delete]

  • [orgnr]: The official Norwegian organization number for your entity.

  • [username_to_keep]: The sAMAccountName of the user account you want to keep.

  • [username_to_delete]: The sAMAccountName of the duplicate user account that will be deleted.


Prerequisites

For the command to execute successfully, two conditions must be met:

  • Matching Employee ID: Both user accounts must have the exact same value in the employeeID attribute.

  • Correct OU Path: The user account you want to keep must be located in the Active Directory organizational unit specified in the eAdm.Client.exe.config file, under the key MergePath_[orgnr].
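
Because the command deletes an account, it is worth confirming both prerequisites before running it. The following PowerShell sketch is an added example, not part of eADM or of the original guide; it uses the account names and organization number from the example scenario in this guide with constructed attribute values. Assumptions: the MergePath_[orgnr] key is an appSettings entry in the config file, "located in" means the account sits directly in that OU, and the function names, employee ID and OU names are hypothetical.

```powershell
# Added example: pre-flight check for the two documented prerequisites.
# Assumption: MergePath_<orgnr> is stored as <appSettings><add key=... value=.../>.
function Get-MergePath {
    param([xml]$Config, [string]$OrgNr)
    $node = $Config.SelectSingleNode("/configuration/appSettings/add[@key='MergePath_$OrgNr']")
    if ($node) { $node.GetAttribute('value') }
}

function Test-MergePrerequisite {
    param($Keep, $Delete, [string]$MergePath)
    $problems = @()
    if ($Keep.SamAccountName -eq $Delete.SamAccountName) {
        $problems += 'Keep and delete arguments name the same account.'
    }
    # Prerequisite 1: identical, non-empty employeeID on both accounts.
    if ([string]::IsNullOrWhiteSpace($Keep.EmployeeID) -or
        $Keep.EmployeeID -cne $Delete.EmployeeID) {
        $problems += "employeeID empty or different: '$($Keep.EmployeeID)' vs '$($Delete.EmployeeID)'."
    }
    # Prerequisite 2: account to keep sits in the configured OU.
    if (-not $MergePath) {
        $problems += 'No MergePath key found for this organization number.'
    } else {
        # Parent container = DN minus its first RDN (split on the first unescaped comma).
        $parent = ($Keep.DistinguishedName -split '(?<!\\),', 2)[1]
        if ($parent -ne $MergePath) {
            $problems += "Account to keep is in '$parent', expected '$MergePath'."
        }
    }
    $problems
}

# Constructed sample data. Against a live directory, load the config with
# [xml](Get-Content <path to eAdm.Client.exe.config>) and each account with
# Get-ADUser <sAMAccountName> -Properties employeeID.
[xml]$config = @'
<configuration><appSettings>
  <add key="MergePath_NO964979812" value="OU=Employees,DC=example,DC=local" />
</appSettings></configuration>
'@
$keep = [pscustomobject]@{ SamAccountName = 'karnes1'; EmployeeID = '10042'
    DistinguishedName = 'CN=karnes1,OU=Employees,DC=example,DC=local' }
$delete = [pscustomobject]@{ SamAccountName = 'karnes2'; EmployeeID = '10042'
    DistinguishedName = 'CN=karnes2,OU=Staging,DC=example,DC=local' }

$issues = @(Test-MergePrerequisite $keep $delete (Get-MergePath $config 'NO964979812'))
if ($issues) { $issues | Write-Warning } else { 'Both prerequisites are met.' }
```

Only the account to keep is checked against the OU, since that is the only placement requirement the guide states.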


Example Scenario

A municipality has two accounts for the same user:

  • Old account to keep: karnes1

  • New duplicate account to delete: karnes2

  • Organization number: NO964979812


Command

eAdm.Client.exe duplicate NO964979812 karnes1 karnes2


Command Outcome

When the command is executed, the following actions occur:


  1. The user account karnes2 is deleted from Active Directory.

  2. The user account karnes1 is linked to the corresponding user in eADM.

  3. The karnes1 account is updated in Active Directory with all attributes and group memberships defined in the organization's AD configuration.