Try these stuff on your test machine prior to executing on production.

dn means distinguished node

1.Export the ou=people node under EnterpriseLDAP node to ldif file

2. do manual edit of the file to replace the reference to EnterpriseLDAP with AdministrativeLDAP relevant dn

3. Backup remoteobjectid table

4. then execute update remoteobjectid set remoteobjectid=replace(remoteobjectid,'<dn refereing=" enterprise=" ldap=">','<dn referening=" adminsitrative=" ldap=">');

FYI, i have applied all these steps as part of rehosting but not for a case as of you. So, it may work or may not be.

DISCLAIMER: Author doesn't responsible for any unforeseen things happened due to implementing the suggested process

After looking at this a bit more and doing some background reading, it would appear the the Enterprise branch IS the right place for new principals. The fact that that all the migrated users ended up in the administrative branchwould appear to be a migration issue. I gather that branch is really meant for system admin type users and not for general users. I'm not sure whether this was a option or not as I didn't do the migration myself.

Thanks for the comments.

I agree that this could be documented better.

In Reply to Andrew Mansfield:

I somehow managed to create a number of new users under the cn=EnterpriseLdap, ou=people branch instead of cn=AdministrativeLdap, ou=people using the WC Principal Administrator.

Can I move these users from the EnterpriseLdap to the AdministrativeLdap branch using the Syntegra Ldap browser?

All the people in the Administrative branch were created during our 3.4 - 9.1 migration last year. The new accounts were mosty summer interns, who've already left, the only important account there is orgadmin, which was obviously created by Windchill.

Is this even an issue? If these new accounts are actually in the right place, then I'll leave them alone. It just bothers me to see these in a different area. I guess I need to brush up on my WC user management knowledge.

We're on WC 9.1 M020

We tried things but had to do it manually:

Steps Redirecting Windchill to point to Active directory or different adapters

· Using the wcadmin account in Windchill browser under Site, Utilities, Principal Administrator, the modify userid to match the Active Directory

· Searching for users in Aphelion/Directory Server

· In the Aphelion or Directory Server console tool

· /ptc/DirectoryServer/server/bin/control-panel

· Select Manage Entries

· Find the user (i.e you)

· Select Entires, delete

· Comfirmation Required: yes

· In the Principal Administrator browser page under Maintenance form, select the search disconnected principals icon (binoculars)