LDAP sync - how to avoid the same IDs being given to new users in SAP R/3?
I have always faced this problem.
We have this standard SAP LDAP sync background job being run periodically.
This job checks for the NEW users created in Windows AD - and assigns normal general roles which are applicable for all employees.
We have the policy to assign roles based on position - which is indirect role assignment.
So every employee has a unique position created - hire to retire.
However there is a confusion on the user IDs which come from Windows AD.
E.g.: Harry Potter, HARRYP - user ID on Windows AD and in SAP R/3.
User HARRYP leaves the company. Say he left the company on Jan 31 2012.
As per the LDAP sync, the user ID is gone from Windows AD - and in SAP R/3, SU01 shows the proper valid-through date of 31/1/2012 for the user.
Today, 16th April 2012, another employee, HARRY PETER, joins - user ID HARRYP (is available on Windows AD), so it is given to this employee.
A new position is generated for this employee - but the same ID HARRYP is being assigned as per the LDAP sync job.
So when you check SU01 for this new user HARRY PETER - HARRYP - it picks up the old ID, with the valid-through date, and shows 31/1/2012.
But all other details are reflected as per new employee details HARRY PETER.
Under these circumstances, I have to manually edit and remove the valid-through date, so that the new user can log in to the internal company portal etc.
I would like to know as to whether we could avoid this scenario.
It looks like SU01 and PA20 are looking at different things in the background in SAP.
I checked whether there is any possibility to avoid this at the AD level itself; I was not finding anything.
Or whether anything could be there - as a logic written, so that the system does not assign the windows AD blindly to any NEW USER being created in SAP.
Can anyone advise on this?
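An added example, not part of the original post and not SAP or Microsoft code: a check over exported user lists that flags IDs like HARRYP, where the directory account is newer than the valid-through date on the SAP record with the same ID. The record layout, field names and sample rows are constructed assumptions; the AD creation date for HARRYP is assumed to be the 16 April 2012 date from the post.

```python
from datetime import date

# Constructed sample data modelled on the HARRYP case in the post; the field
# names are hypothetical and not SAP or Active Directory attribute names.
SAP_USERS = [
    {"user_id": "HARRYP", "valid_through": date(2012, 1, 31)},
    {"user_id": "JDOE", "valid_through": None},               # no end date
    {"user_id": "ASMITH", "valid_through": date(2012, 12, 31)},
]
AD_ACCOUNTS = [
    {"user_id": "harryp", "created": date(2012, 4, 16)},      # ID handed out again
    {"user_id": "jdoe", "created": date(2009, 6, 1)},
    {"user_id": "asmith", "created": date(2010, 3, 15)},
]


def find_reused_ids(sap_users, ad_accounts, today):
    """Flag IDs whose directory account is newer than the end of validity of
    the SAP user record with the same ID, i.e. the ID belongs to a new person."""
    sap_by_id = {u["user_id"].upper(): u for u in sap_users}
    findings = []
    for acct in ad_accounts:
        uid = acct["user_id"].upper()          # compare IDs case-insensitively
        sap = sap_by_id.get(uid)
        if sap is None or sap["valid_through"] is None:
            continue                           # new ID or open-ended record
        if acct["created"] > sap["valid_through"]:
            findings.append({
                "user_id": uid,
                "old_valid_through": sap["valid_through"],
                "ad_created": acct["created"],
                # True means the new person stays locked out until the record
                # is edited by hand, as described in the post.
                "still_expired": sap["valid_through"] < today,
            })
    return findings


if __name__ == "__main__":
    for finding in find_reused_ids(SAP_USERS, AD_ACCOUNTS, date(2012, 4, 16)):
        print(finding)
```

Each finding is an ID that now belongs to a different person than the existing SAP record was created for, so the old record's roles and history deserve a review before the validity date is cleared.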