Tip #279: Don’t reuse AD accounts

Jon Lagavulin has left and Jim Laphroaig has joined the company. Same role, same position, even the same salary. In fact, Jim is supposed to take over all the leads, customers and opportunities left behind by Jim.

It’s very tempting to rename Jon’s account in Active Directory – select the user object, press F2, type the new name, press ENTER and, presto:
Rename user in AD

Complete all the fields including user logon name and save. Then switch to CRM and edit User Name field to match the new account:

Rename user in CRM

Right? In theory, yes. In practice, CRM does not seem to complete the account changeover if SID of the user remains the same and Jim, in all likelihood, will face 404 page immediately after the login. In my experience, it is always better to create new user in Active Directory, change account in CRM to point to the new user and then disable the old user account. Not only CRM will continue to work as advertised, Jim will be also spared of all the mailing list spam Jon has managed to subscribe to during his short stint with the company.

Some things just don’t mix.

Leave a Reply

Your email address will not be published. Required fields are marked *