[solved] AD sync occasionally removes users / agents


If you are a Zammad Support or hosted customer and experience a technical issue, please refer to: support@zammad.com using your zammad-hostname / or company contract.

  • Used Zammad version: 2.9.x
  • Used Zammad installation source: package
  • Operating system: debian 9
  • Browser + version: Google Chome

Expected behavior:

Zammad is linked to our AD, some AD-Groups are also linked to Admin- and Agent-roles in Zammad.
AD sync updates Zammad users/agents/admins and metadata.

Actual behavior:

The AD sync occasionally kicks out users and -more annoyingly- agents for whatever reason.
Result is, that tickets are no longer assigned to the agents that got kicked out. As the sync starts regularly this is very annoying for those agents, especially when they update a ticket and cannot save at the end.
An hour later the sync “repairs” itself, otherwise a manual sync can do the same, but how to fix this?

Steps to reproduce the behavior:

Reproduces itself during sync-jobs

Hi @SUB_USER - I debugged these cases a lot in the past. Could you please check if the resolution applies to your situation? If not, please run the script I posted in the comment and send it to our support address and refer to me and this thread.

Well, thanks for the hint. I don’t think this is the reason.
When I checked the history I found one strange behaviour. The user in question actually has two accounts in our AD - different names, but same meta-data (e.g. email, phone).

The log then says something like this:

  • vor 1 Tag 2 Stunden
  • aktualisierte Benutzer login von ‘user1’ bis ‘user2’

I don’t know how the user-lookup works below the curtain, but it seems as if the problem is there…

I forgot: With the next sync the update of the change before is reverted: (strange german translation by the way…)

  • vor 1 Tag 2 Stunden

  • aktualisierte Benutzer login von ‘user1’ bis ‘user2’

  • vor 1 Tag 1 Stunde

  • aktualisierte Benutzer login von ‘user2’ bis ‘user1’

So - finally. It seems as if the problem was related to the mentioned two users having the same meta-data. Once that has been resolved, the problem disappeared.

However - I ran the script, but it generated roughly 150MB of logs…

Case can be closed (as far as I can see right now)

1 Like

Thanks for the feedback! Glad you could solve the problem!

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.