Jump to content
Buckit

Account discovery duplicates existing account

Recommended Posts

Hi guys,

 

In our environment we have a bunch of Unixen. When spinning up new hosts we frequently quickly add the host and its accounts manually into PasswordState. However, we've then noticed that the account discovery jobs creates a duplicate of the accounts in question. Is there a way to prevent this?

 

* We've set up the object names to match the formating that the discovery job would add.

* The identical username is used.

* The object is linked to the exact same host.

 

What gives? Is it better to just re-run discovery after upping a new host? I would certainly still like to know how to prevent this duplication though...

 

Share this post


Link to post
Share on other sites

I'll get on it right away..

 

EDIT:

Ah darn, I just realized that I cannot show you the screenshots as they contain identifying information for our environment.

 

Can you tell me which exact fields the discovery job uses to determine whether the object in question already exists? While waiting for you, I'll try and poke through the code to see if I can't find my answer :)

Share this post


Link to post
Share on other sites

I've compared the original and the duplicate discovered objects. Up until yesterday there were more differences, but right now the only differences are:

 

* Description: their description is wildly different

* Account Type: Linux vs CentOS

* Password List: the original is in the desired list, while the newly discovered one is in the list I made specially for that purpose called "Newly Discovered".

 

Now, I sincerely hope that the password list is not taken into account into determining whether an account should be imported :D

 

I can understand that maybe the type would influence the decision, but I would not care for the description playing a role.

 

For now, I will set the account type to what is found in AD. Then I'll clean up the dupes and rerun the discovery.

Share this post


Link to post
Share on other sites

Hi Buckit,

 

The following is what we check to see if an existing account exists in a Password List or not - this is in any Password List, just not the one selected on the Account Discovery Job.

  • The Password List must be enabled for Resets
  • Username field (must be identical i.e. if a domain account is specified as username@domain.com then this is not the same as domain\username)
  • HostID - this is the Host record in Passwordstate
  • AccountTypeID - this is the account type selected on the password record

So without seeing your data, I would guess that possibly there was a different type of Account Type selected for your already existing records.

We hope this helps.

Regards

Click Studios

Share this post


Link to post
Share on other sites
3 hours ago, support said:

So without seeing your data, I would guess that possibly there was a different type of Account Type selected for your already existing records.

 

Bingo, that'd be it.

 

Thank you very much for your help! I appreciate it.

 

EDIT:
Odd, even after syncing the account types, the discovery job still created the duplicate. I'll poke around some more.

 

EDIT 2:

Solved... I only  re-tested with the acounts for one host and would you believe that it was this particular host that was also mis-registered in AD? :D

You were right @Support: the issue was with the type definition.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...