Washington DC Endpoint Management User Group

  • 1.  Process Manager Users Accounts

    Posted Feb 22, 2013 11:45 AM

    Somehow my AD synch stopped working, and while trying to troubleshoot, the USER accounts got the wrong ADLoginName, so Process Manager authentication stopped working. Can I just truncate the user table in the ProcessManager DB and force a new synch?



  • 2.  RE: Process Manager Users Accounts

    Posted Feb 22, 2013 12:15 PM

    I wouldn't truncate the entire table, as the Admin and guest user rows are in there. You could always try just deleting every user where IsActiveDirectoryUser = true (you have to delete all associated child rows first, like UserEmailAddress, UserAddress, etc.), and then forcing an AD sync. If these AD users have any assignments, this becomes harder.

    In any event, I would back up the database before trying this.



  • 3.  RE: Process Manager Users Accounts
    Best Answer

    Posted Feb 22, 2013 12:19 PM

    If you do a true truncate you'll delete the admin user and break the portal. You could delete all users where IsActiveDirectoryUser=1.

    When you say the AD name is wrong do you have something like IP\user? If so it may be easier to do an update query like:

      update dbo.[User]
      set ADLoginName = REPLACE(ADLoginName, 'old value', 'new value')
      where IsActiveDirectoryUser = 1
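
A more guarded form of the update above, as an added example that is not part of the original post: `REPLACE` rewrites the string wherever it occurs in the login name, so this version only touches a leading domain prefix, snapshots the rows first, and rolls back unless told to commit. It assumes SQL Server (T-SQL); `OLDDOMAIN\`, `NEWDOMAIN\` and the backup table name `dbo.User_ADLoginName_Backup` are constructed placeholders, and only the table and column names come from the thread.

```sql
-- Added example, not from the thread. Run in the Process Manager database.
-- OLDDOMAIN\ and NEWDOMAIN\ are constructed placeholders for the wrong and
-- correct prefixes; dbo.User_ADLoginName_Backup is a hypothetical table name.
DECLARE @old nvarchar(256) = N'OLDDOMAIN\';
DECLARE @new nvarchar(256) = N'NEWDOMAIN\';
DECLARE @commit bit = 0;   -- leave at 0 for a dry run, set to 1 to keep the change

-- 1. Snapshot the AD rows once, outside the transaction, so the copy
--    survives a rollback and is not overwritten by a second run.
IF OBJECT_ID(N'dbo.User_ADLoginName_Backup', N'U') IS NULL
    SELECT *
    INTO dbo.User_ADLoginName_Backup
    FROM dbo.[User]
    WHERE IsActiveDirectoryUser = 1;

BEGIN TRANSACTION;

-- 2. Preview exactly which logins change and what they become.
--    LEFT(...) = @old matches the prefix literally (no LIKE wildcards),
--    and rows with a NULL ADLoginName are skipped.
SELECT ADLoginName                            AS before_value,
       STUFF(ADLoginName, 1, LEN(@old), @new) AS after_value
FROM dbo.[User]
WHERE IsActiveDirectoryUser = 1
  AND LEFT(ADLoginName, LEN(@old)) = @old;

-- 3. Swap only the leading prefix; the admin and guest rows are excluded
--    by the IsActiveDirectoryUser filter.
UPDATE dbo.[User]
SET ADLoginName = STUFF(ADLoginName, 1, LEN(@old), @new)
WHERE IsActiveDirectoryUser = 1
  AND LEFT(ADLoginName, LEN(@old)) = @old;

DECLARE @changed int = @@ROWCOUNT;

-- 4. Report the result; the second count should be 0 after the update.
SELECT @changed AS ad_rows_changed,
       (SELECT COUNT(*)
        FROM dbo.[User]
        WHERE IsActiveDirectoryUser = 1
          AND LEFT(ADLoginName, LEN(@old)) = @old) AS rows_still_on_old_prefix;

-- 5. Keep the change only when explicitly requested.
IF @commit = 1
    COMMIT TRANSACTION;
ELSE
    ROLLBACK TRANSACTION;
```

The snapshot table holds a copy of user records, so drop it once the new logins are confirmed to authenticate.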


  • 4.  RE: Process Manager Users Accounts

    Posted Feb 22, 2013 02:57 PM

    I ended up doing that. The main issue was that I had the "Create User at Login" box checked with the AD synch profile. This wasn't needed since the accounts are created when the Synch runs. For some reason it was using the wrong domain name and even though I corrected the synch job, the old account wouldn't update. I ended up having to restart the workflow extensions from the tray icon and then restart IIS. After that, the AD import started using the correct settings again and new users got imported with the correct ADLoginName.

    The big thing to note for everyone is that you should have the "Create User at Login" box checked on your AD synch profile.