Duplicate user_names cause Refresh from LDAP not to work


Refresh from LDAP does not work properly if users with duplicate user names exist in the instance (for example, if Single Sign-On authenticates on a field other than user_name, such as email). If a user is retired on the LDAP server and a new user is later created with an identical SAMAccountName/user_name, the function fails because the Refresh from LDAP UI action looks the user up by user_name rather than by sys_id, so the lookup is ambiguous.

Steps to Reproduce

  1. Load two users with different email addresses but the same user_name from LDAP.

  2. Modify the user on LDAP.

  3. Click Refresh from LDAP in the ServiceNow instance.

    Note that only one user is updated, and not necessarily the one on which you performed the action.


Workaround

If the email address is your unique identifier, map it to user_name in the transform map so that user_name stays unique. For more information, see the product documentation topic Transform maps.
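The following is an added example, not ServiceNow code, that illustrates both the ambiguity described above and the effect of the workaround on constructed sys_user rows. It assumes a minimal row shape (sys_id, user_name, email, active) and the LDAP attribute names sAMAccountName and mail; run it with Node.

```javascript
// Added example (not ServiceNow's own code): constructed sys_user rows in the
// state the article describes, a retired user and a new user sharing user_name.
const sysUser = [
  { sys_id: "a1", user_name: "jsmith", email: "john.smith@example.com", active: false },
  { sys_id: "b2", user_name: "jsmith", email: "jane.smith@example.com", active: true },
  { sys_id: "c3", user_name: "mlee",   email: "m.lee@example.com",      active: true },
];

// Constructed LDAP rows as they arrive before the transform map runs.
const ldapRows = [
  { sAMAccountName: "jsmith", mail: "john.smith@example.com" },
  { sAMAccountName: "jsmith", mail: "jane.smith@example.com" },
];

// Pre-check before relying on Refresh from LDAP: which user_name values are
// shared by more than one record? Returns one entry per duplicated name.
function findDuplicateUserNames(users) {
  const byName = new Map();
  for (const u of users) {
    if (!byName.has(u.user_name)) byName.set(u.user_name, []);
    byName.get(u.user_name).push(u.sys_id);
  }
  return [...byName]
    .filter(([, ids]) => ids.length > 1)
    .map(([user_name, sys_ids]) => ({ user_name, sys_ids }));
}

// Which records would a refresh keyed on `field` select? Exactly one sys_id
// is unambiguous; more than one reproduces the symptom in the article, where
// only one of the matches is updated, not necessarily the one you clicked.
function matchBy(users, field, value) {
  return users.filter(u => u[field] === value).map(u => u.sys_id);
}

// The article's workaround expressed as a field map: the LDAP mail attribute
// becomes user_name, so the key used by the refresh is unique again.
function transformLdapRow(row) {
  return { user_name: row.mail, email: row.mail };
}
```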

Related Problem: PRB635428