Skip to main content

Preventing AD Object Duplication

Alex Mead
Updated

AD Connector

Step-by-step guide

 

This guide will show you how to stop HR records creating duplicate objects in Active Directory.

Contents

Introduction

There may be a scenario where an employee has been added to HR but they already have an AD Object that needs to be linked to the HR record. This could be a contractor becoming permanent or an employee who previously left rejoining the organisation. To prevent a duplicate accounts being created in AD when a new record is inserted into HR there are a couple of steps that need to be followed.

Lookup fields

The default installation of Ciphr AD Connector maps users based on Work Email (Ciphr) to userPrincipalName (AD). However, it is possible that your service is set to use a different mapping in AD (such as mail & surname). If unsure and you would like to clarify, you can check within the portal.

Go to the following area:

  • Login to your AD Connector portal (IT Access only)
  • Workflow Configuration > Sync - Map CIPHR Records to AD  > Edit Chart > Sync AD User to CIPHR > Edit > Attached user combinations

Ensure Ciphr data matches AD

Once you are sure of which field is being used as the lookup for the mapping, check the employee’s HR record to ensure the data (Work email by default) matches the AD object (UPN by default).

As long as these fields align before the next scheduled run, no duplicate record will be created in AD.

If a duplicate record is created in error, this can be resolved by deleting the duplicate AD object and updating the mapping of the record. This is covered in a different KB article.

Re-joiners

Where an employee already has a HR record that is linked to an AD object and is a leaver, this will need to be excluded from the AD Connector service, otherwise the AD Object will be processed as a leaver and be disabled.

Go to the following area:

  • Latest (left-hand) menu:Personal > Personal Details > IT Systems
  • Pre 2025 (top) menu:Personal Data > Personal Information > Personal Details > IT Systems

Select 'Yes' from the Exclude from AD dropdown. This will then exclude this HR record from the service.

 

Footer

Related to

Related articles

Comments

0 comments

Article is closed for comments.