Hi,
For the last 7+ years in Windchill Production at Alcon, we stored Users & Groups information in Windchill Active Directory. Since June 2014, we have moved to our Corporate Active Directory. I would like to know how other companies handled users who have left the company. There are a few things we have discussed internally, but would like to know more from the user community.
Process 1:
1) User ABC left the company.
2) It becomes a disconnected principal in Windchill
3) Delete user ABC from Windchill
Process 2:
1) User ABC left the company
2) Associate user ABC with a new local user, something like ABC - Deactivated, which exists only in the Windchill Active Directory.
I prefer process 1 stated above. The only issue with that I can foresee is that we cannot search on all the activity user ABC has done in Windchill before leaving.
Process 2 gives an advantage in searching on this user, because it is not disconnected anymore. However, we are altering history here. Everywhere the user is replaced with ABC - Deactivated.
Let me know how it is handled at your end.
Thanks,
Preeti
The only issue with that I can foresee is that we cannot search on all the activity user ABC has done in Windchill before leaving.
This is not accurate. Deleting a user from Windchill removes them from the directory server but it does NOT remove them from the WTUser table. A flag is set in the table to show they have been deleted, but you can continue to search for things created by them. When this flag is turned on, "(deleted)" will automatically be appended to their name in the GUI.
Which version of WC? It seems like this behavior was changed between 9.x and 10.x to allow retaining user info after users were removed.
Doubtful, but is it clearly documented in the WC Admin/Manager's guide?
We are currently on 10.2, but the users were deleted back in 9.1. CS45262 explains how to search for objects created by deleted users. Basically, you set the following property:
xconfmanager -s wt.org.populateUserFullNameFields=true -t codebase/wt.properties -p
The info about the WTUser table behavior is from a recent tech support case dealing with how some (really) old deleted users are being displayed. (Missing first and last name.) Per TS, I will be manually editing those rows in the table to include the currently missing information.
If not apparent, I follow process #1. The only disadvantage with this method is that if a deleted user later returns to the company they end up with two separate records in the WTUser table. That means you will have to search for things created by the "new" user separate from the "(deleted)" user. I imagine there is some database manipulation that could be done to somehow reactivate the old record, but this is beyond my knowledge.
Yes, you can re-activate an old user through the database (unfortunately, there's no way to do this through the UI). Like you mentioned in your previous post, deleting the user doesn't delete their record in the WTUser table, but just sets the value of the 'disabled' column to 1. If the user later needs to be reactivated, you just need to update the user's WTUser entry to set the disabled column back to 0. At that point, Windchill will see the user as disconnected. Then, you can just go into the Principal/Participant Administrator, search for disconnected users, and reconnect it to the LDAP account like any other disconnected user.