Thanks. I'll give that a try on our test box.
We are on 9.0, I've done this for other customers in the past on 9.0,
but usually prior to go live from a migration, never post migration.
Thanks,
Steve D.
Quoting Ross Jessen <rjessen@fishbowlsolutions.com>:
> After you have the AD integration installed, the user
> authentication and other data (email address, etc.) should just
> begin being read from AD instead of Aphelion, assuming their login
> name is the same in both systems. Starting with 8M050 (which uses
> Apache2.2) you can have two LDAPs. Windchill will try to find the
> user in the first LDAP (AD), and if it is not found there it will
> look in the second LDAP (Aphelion).
> After the integration is installed you could delete the users from
> Aphelion if you wanted to clean it up, but it won't hurt anything to
> just leave them there.
> BTW - Don't even try this if you are on 8M030 or earlier, it will
> not reconnect a user that does not have an identical DN
> (Distinguished Name).
> In 8M040 they added some fuzzy logic which will reconnect
> disconnected users based on the simple username. But in 8M040 only a
> single LDAP can be used for authorization (a limitation in Apache
> 2.0), so you connect to either Aphelion or AD, and if AD is used a
> password file must be created to handle authentication of all non-AD
> accounts.
>
>