Published Date : 16 Sep 2016
Last Updated : 23 Jul 2024
Content Ref: TEC5015612
Operating System
(none)
Part No
(none)
Summary
Explains the process used to create a clean RM Unify AD Sync database.
Symptoms
If you were to uninstall and reinstall RM Unify AD Sync to the same domain controller, it would automatically re-use the existing AD Sync database with its configured AD filters, role mappings and provisioned users. In some cases, however, this would not be desired, e.g. the database could be out of sync with your AD and contain users that no longer exist in AD.
If RM Support has diagnosed an issue with your AD Sync installation and has asked you to create a clean RM Unify AD Sync database with no previous settings, then please follow this article.
Note: Donot follow this article unless specifically requested by the RM Support team. Incorrect use can result in duplicated RM Unify (and Microsoft® 365™/Google Workspace, etc.) user accounts and permanent loss of existing user data.
Requirements
Important: If you are looking to reinstall RM Unify AD Sync to a new server or a new network on which the AD user accounts' objectGUIDs will have changed, then you must follow TEC4061769 in the Other Useful Articles section below.
Procedure
Important note: Open the RM Unify AD Sync Config Tool, expand each AD filter and take screenshots of the settings so that you can complete step 16 below to reinstate the same configuration. If you have a Community Connect® 4 (CC4) network and your role mappings are the CC4 defaults, you can just choose to use those defaults upon reinstall. Otherwise, take screenshots of your currently configured role mappings to complete step 16 below.
Close the RM Unify AD Sync Config Tool.
Open Windows Services, find the RM Unify AD Sync Service, right-click and select Stop.
Browse to: C:\Program Files(x86)\RM\RM Unify AD Sync.
Rename the existing 'RM.Networks.IdentityManagement.config' file to 'RM.Networks.IdentityManagement.configBKP' file.
Rename the existing 'RM.Networks.IdentityManagement.sdf' file to 'RM.Networks.IdentityManagement.sdfBKP' file.
The next steps are very important. If you have previously moved your RM Unify AD Sync installation to a new Active Directory, you will have changed the AD Sync configuration to look at an alternative AD user account attribute and not the default. You must ensure that the configuration file is updated correctly (by following the steps below) before proceeding. Otherwise, you risk duplicating all your RM Unify (and Microsoft 365, Google Workspace, etc.) user accounts.
Open RM Unify AD Sync Configuration Tool and immediately close it. Do not complete RM Unify Registration. This creates the required configuration file, but creates it devoid of any specific settings.
Right-click Notepad and select 'Run as administrator'.
In Notepad, browse to and open the 'C:\Program Files (x86)\RM\RM Unify AD Sync\RM.Networks.IdentityManagement.configBKP' file.
Find the line beginning with '<add key="IdentityGuidSource"'.
If the line matches <add key="IdentityGuidSource" value="rmCom2000-UsrMgr-uPN" /> (which is the default), close the file without saving and proceed to step 15 below.
If the line does not match and contains a different value (e.g. otherpager, or another attribute), copy and paste the line to the new 'C:\Program Files (x86)\RM\RM Unify AD Sync\RM.Networks.IdentityManagement.config' file, replacing the default value.
Save and close the file.
Start the RM Unify AD Sync Service and then open RM Unify AD Sync Configuration Tool.
Register the school and configure AD filters and role mappings as desired, using the screenshots/notes made in step 1 above.
Wait for approximately 45 minutes to allow complete synchronisation with RM Unify.
More Information
Creating a clean database for RM Unify AD Sync will not recreate your already existing RM Unify users. RM Unify user accounts which have been provisioned from your network have been created in the RM Unify datacentre with a unique identifier (most typically the objectGUID). When you create a clean, local AD Sync database and it scans for users, those same unique identifiers will be used and sent to the RM Unify datacentre, matching to those already existing accounts.