LDAP integration to Orchestrator using legacy domain name

LDAP integration has been enabled in the web.config and the settings are enabled in IIS.
The problem I am getting is that the users are found during the LDAP search when adding them, but when they are imported they get the suffix of our legacy domain name.
The email address is correctly imported, but the user is not functional because it has a different name.
user ID: johnsmith@oldDomain
email address: johnsmith@domain.com
The web.config does have windows.authentication="True"
and the domain is correct for us, but it resolves to the legacy one:

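A check that narrows down where the legacy suffix comes from, as an added example that is not part of the original post or of UiPath's code. A user ID of the form johnsmith@oldDomain can come from the account's userPrincipalName suffix, from the domain's NetBIOS name (the legacy DOMAIN\user form), or from the mail attribute, and these are not necessarily the same. The script below queries the directory the same way an LDAP search would and prints all three, so the imported value can be compared with what AD actually holds. It assumes the RSAT ActiveDirectory module is available on the Orchestrator host or an admin workstation; the account name johnsmith and the domain domain.com are the placeholders from the post, and the claim that Orchestrator derives the user ID from one of these attributes is an assumption to be verified against the output, not something the thread states.

```powershell
# Added example, not from the original post. Inspect the directory attributes
# that can carry an '@suffix' for the affected user.
# Assumption: RSAT ActiveDirectory module installed; 'johnsmith' and
# 'domain.com' are the placeholder names from the thread.
Import-Module ActiveDirectory

$sam = 'johnsmith'   # sAMAccountName of the affected user (placeholder)

# 1. Raw LDAP search, independent of the AD module: this is roughly what an
#    LDAP integration sees when it resolves the user by account name.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'userPrincipalName', 'mail', 'distinguishedName'))
$result = $searcher.FindOne()
if ($null -eq $result) {
    Write-Warning "LDAP search found no user with sAMAccountName=$sam"
} else {
    "LDAP result:"
    foreach ($attr in 'sAMAccountName', 'userPrincipalName', 'mail', 'distinguishedName') {
        "  {0,-20} {1}" -f $attr, ($result.Properties[$attr] -join ', ')
    }
}

# 2. The same attributes through the AD module, plus where the suffix may originate.
Get-ADUser -Identity $sam -Properties UserPrincipalName, mail |
    Select-Object sAMAccountName, UserPrincipalName, mail |
    Format-List

# Domain DNS name vs legacy NetBIOS name (DOMAIN\user logons use the latter)
Get-ADDomain | Select-Object DNSRoot, NetBIOSName | Format-List

# UPN suffixes registered in the forest; a user's UPN must use one of these
Get-ADForest | Select-Object RootDomain, UPNSuffixes | Format-List

# If the UPN turns out to carry the legacy suffix and users are expected to sign in
# as user@domain.com, the UPN can be changed on the AD side. Assumption: the
# integration builds the user ID from the UPN; confirm that from the output above
# before running this line.
# Set-ADUser -Identity $sam -UserPrincipalName "$sam@domain.com"
```

Run this as an account that can read the user object; compare the LDAP result's userPrincipalName with the user ID Orchestrator imported. If they match, the suffix is coming from the account's UPN; if instead the imported value matches NetBIOSName, the integration is building the ID from the legacy domain name rather than the DNS domain, which is a different setting to chase.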

Hi @kbarnas,

The suffix is for per-user services. Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out.
These services run in the security context of the user account. You can't view the template services in the Services console, but you can see the user-specific per-user services; they are displayed using the _LUID format (where LUID is the locally unique identifier).

You may have to disable per-user services, or maybe create a group policy on the Windows side, and the relevant Orchestrator users should be in that unique group.
Refer to the following link; it may help.
Source: Per-user services in Windows 10 and Windows Server - Windows Application Management | Microsoft Learn