As Windchill Admin, I'm suddenly getting emails with the message "
The Windchill principal named JDoe of type wt.org.WTUser needs repair. The principal is missing in LDAP
Nothing has changed on either the AD side of things or in Windchill. At random times of day, two or three emails about various users are coming up, all of them former employees. They're not still in Windchill as users, the only way I can find them is to Search Disconnected Participants in Participant Administration.
Is it OK to just delete them from there? I don't want to mess up any history.
General consensus is to NEVER delete users from Windchill, but to mark them as no longer active.
Be careful of replace user, too. I replaced a manager in a role when he left the company with the new manager and it changed it every place, including who signed off on a workflow. Completed data should not be changed like that. I won't be doing replace user again.
If these are legit users and have to be in Windchill, do not delete them. First check for the reason why they have became 'disconnected'. It likely that either AD has some issues (or) they have been removed from AD as they are no more part of your Windchill application.
Once you are clear with reason, you can think about - repair these users or delete them. Deleting the users from Windchill will keep the history intact. You will be seeing user name for history like - '<User Name> (deleted)' for fields Created By, Modified Bye etc.,
Thanks & Regards,
A bit more explanation here that may be of interest:
- User accounts are created and managed in Windchill Directory Service (Windchill DS), aka LDAP
Not necessarily. With "full" Active Directory integration, the user accounts only exist in Active Directory, they do not exist in Windchill DS and are not managed there. (Yes, groups in Windchill DS can still include these Active Directory users.)