Skip to main content
T
TJ_105053096-Contributor
6-Contributor
September 13, 2025
Solved

PDMLink disconnected users

  • September 13, 2025
  • 3 replies
  • 518 views

Article cs366586 refers to creating 2 mapping xml files. When I run the windchill wt.org.util.ReconnectPrincipalsUtility command below, it errors with mapping file not found. I assume that both the dnMapping and adapterMapping files need to be placed in a $WT_HOME directory before running the windchill comand. Can someone give advice on where these should be placed and if any wt.properties need to be set

 

Thanks in advance TJ

 

<dnMapping>\n

       <reconnect>\n

            <sourceDN>uid=$email,ou=<>,cn=<>,cn=<>,o=ptc<sourceDN>\n";

           <targetDN>uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com</targetDN>\n";

       <reconnect>\n

<dnMapping>\n

 

<adapterMapping>

           <sourceAdapter>net.company.InternalLdap</sourceAdapter>

           <targetAdapter>net.company.EnterpriseLdap</targetAdapter>

</adapterMapping>

 

windchill wt.org.util.ReconnectPrincipalsUtility [-u "wc_admin" ] [-p "xxxxxxxxx" ] [-f "/home/xxxx/mapping.xml"] [-d] [-h]

Best answer by mmeadows-3
It looks like you are at the end of an upgrade, moving away from WindchillDS to the corporate LDAP.
 
I used this utility to migrate users once.  Here is an example of the command for mapping user DNs.  The file doesn't have to be in the the Windchill load point.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\ParticipantsMap.xml
 
This is the syntax of ParticipantsMap.xml where <reconnect> can be repeated as many times as needed.
<dnMapping>
<reconnect>
<sourceDN>uid=$email,ou=<>,cn=<>,cn=<>,o=ptc</sourceDN>
<targetDN>uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com</targetDN>
</reconnect>
</dnMapping>
 
The <adapterMapping> is only necessary when migrating the user from one JNDI Adapter to another and I haven't needed it.  I'm guessing you would run the adapter mapping as a separate file.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\AdaptersMap.xml
 
And the AdaptersMap.xml would look like this.
<adapterMapping>
<sourceAdapter>net.company.InternalLdap</sourceAdapter>
<targetAdapter>net.company.EnterpriseLdap</targetAdapter>
</adapterMapping>

 

The fun part is mapping source to target DNs for hundreds or thousands of users.

-- Get source DNs (DB query)
select wtu.name, wtu.email, roid.remoteObjectId from WTUser wtu, RemoteObjectInfo roin, RemoteObjectId roid where wtu.idA2A2=roin.idA3A3 and roin.remoteId=roid.idA2A2 order by email;
 
# Get target DNs (Powershell)
Get-ADUser -Filter 'objectClass -eq "user" -and memberOf -eq "{DN of Windchill filter group}"' -SearchBase "{search base}" | Format-Table sAMAccountName,userPrincipalName,DistinguishedName -A
 

I put the values in Excel and align old and new values. Sometimes user's name or email attributes match or follow a consistent pattern between LDAP servers.  Sometimes it gets very tedious.  There is a way to export Excel to structured XML.  I did it once, but can't find my template file now.


In most cases I've found it quicker and easier to just update all the users with a DB query.  The <dnMapping> just updates the RemoteObjectId.remoteObjectId value.   Each sourceDN/targetDN pair is equivalent to this database update line.

-- Update one entry at a time.
update RemoteObjectId set remoteObjectId='uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com' where remoteObjectId='uid={userPrincipalName},ou=<>,cn=<>,cn=<>,o=ptc';

Or, when the DN structure changes are consistent...

-- Replace 'ou=<>,cn=<>,cn=<>,o=ptc' with 'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com'
update RemoteObjectId set remoteObjectId=replace(remoteObjectId,'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com') where remoteObjectId like '%,ou=<>,cn=<>,cn=<>,o=ptc';

 
Maybe someone else can respond with a full example for you.

3 replies

M
mmeadows-316-PearlAnswer
16-Pearl
September 14, 2025
It looks like you are at the end of an upgrade, moving away from WindchillDS to the corporate LDAP.
 
I used this utility to migrate users once.  Here is an example of the command for mapping user DNs.  The file doesn't have to be in the the Windchill load point.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\ParticipantsMap.xml
 
This is the syntax of ParticipantsMap.xml where <reconnect> can be repeated as many times as needed.
<dnMapping>
<reconnect>
<sourceDN>uid=$email,ou=<>,cn=<>,cn=<>,o=ptc</sourceDN>
<targetDN>uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com</targetDN>
</reconnect>
</dnMapping>
 
The <adapterMapping> is only necessary when migrating the user from one JNDI Adapter to another and I haven't needed it.  I'm guessing you would run the adapter mapping as a separate file.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\AdaptersMap.xml
 
And the AdaptersMap.xml would look like this.
<adapterMapping>
<sourceAdapter>net.company.InternalLdap</sourceAdapter>
<targetAdapter>net.company.EnterpriseLdap</targetAdapter>
</adapterMapping>

 

The fun part is mapping source to target DNs for hundreds or thousands of users.

-- Get source DNs (DB query)
select wtu.name, wtu.email, roid.remoteObjectId from WTUser wtu, RemoteObjectInfo roin, RemoteObjectId roid where wtu.idA2A2=roin.idA3A3 and roin.remoteId=roid.idA2A2 order by email;
 
# Get target DNs (Powershell)
Get-ADUser -Filter 'objectClass -eq "user" -and memberOf -eq "{DN of Windchill filter group}"' -SearchBase "{search base}" | Format-Table sAMAccountName,userPrincipalName,DistinguishedName -A
 

I put the values in Excel and align old and new values. Sometimes user's name or email attributes match or follow a consistent pattern between LDAP servers.  Sometimes it gets very tedious.  There is a way to export Excel to structured XML.  I did it once, but can't find my template file now.


In most cases I've found it quicker and easier to just update all the users with a DB query.  The <dnMapping> just updates the RemoteObjectId.remoteObjectId value.   Each sourceDN/targetDN pair is equivalent to this database update line.

-- Update one entry at a time.
update RemoteObjectId set remoteObjectId='uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com' where remoteObjectId='uid={userPrincipalName},ou=<>,cn=<>,cn=<>,o=ptc';

Or, when the DN structure changes are consistent...

-- Replace 'ou=<>,cn=<>,cn=<>,o=ptc' with 'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com'
update RemoteObjectId set remoteObjectId=replace(remoteObjectId,'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com') where remoteObjectId like '%,ou=<>,cn=<>,cn=<>,o=ptc';

 
Maybe someone else can respond with a full example for you.
    M
    MTH13-Aquamarine
    13-Aquamarine
    September 15, 2025

     The load files could be placed anywhere as long as you provide the absolute path in the command line

      V
      vnamboodheriCommunity Manager
      Community Moderator
      September 19, 2025

      Hello @TJ_10505309

       

      It looks like you have some responses from some community members. If any of these replies helped you solve your question please mark the appropriate reply as the Accepted Solution. 

      Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.

      Thanks,
      Vivek N.
      Community Moderation Team.

      Terms & ConditionsCookie settingsAccessibility statement