LDAP Synch up - how to avoid the same IDs being given to new users in SAP R/3?


I have always faced this problem.

We have this STANDARD SAP LDAP Synch up background job being run periodically.

This job checks for the NEW users created in Windows AD - and assigns normal general roles which are applicable for all employees.

We have the policy to assign roles based on position - which is indirect role assignment.

So every employee has a unique position created - hire to retire.

However, there is confusion about the user IDs which come from Windows AD.

E.g.: Harry Potter, HARRYP - user ID on Windows AD and user ID in SAP R/3.

User HARRYP leaves the company. Say he left the company on Jan 31 2012.

As per the LDAP Synch up, the user ID is gone from Windows AD, and in SAP R/3, SU01 shows the proper valid through date for the user as 31/1/2012.

Today, 16th April 2012, another employee, HARRY PETER, joins. The user ID HARRYP is available on Windows AD, so it is given to this employee.

A new position is generated for this employee, but the same ID HARRYP is assigned as per the LDAP Synch up job.

So when you check SU01 for this new user HARRY PETER - HARRYP - it picks up the old ID, with its valid through date, and shows 31/1/2012.

But all other details are reflected as per new employee details HARRY PETER.

Under these circumstances, I have to manually edit and remove the valid through date.

So that the NEW user can log in to the internal company portal etc.

I would like to know whether we could avoid this scenario.

It looks like SU01 and PA20 are looking at different things in the background in SAP.

I checked whether there is any possibility to avoid this at the AD level itself; I did not find anything.

Or whether there could be some logic written, so that the system does not blindly assign the Windows AD ID to any NEW USER being created in SAP.

Can anyone advise on this?

Many thanks
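
The ID-reuse case described in this question, as an added example that is not part of the original post and not SAP-delivered code: a pre-sync check that compares AD accounts with existing SAP user records and flags a user ID whose stored owner differs from the new AD owner. The record layout, the `employee_no` key used as the stable person identifier, and the verdict names are assumptions; all data is constructed.

```python
from datetime import date

# Constructed sample exports; field names are assumptions, not AD or SAP schema.
SAP_USERS = [
    {"user_id": "HARRYP", "employee_no": "1001", "valid_to": date(2012, 1, 31)},
    {"user_id": "RONW", "employee_no": "1002", "valid_to": None},
    {"user_id": "LUNAL", "employee_no": "1003", "valid_to": date(2011, 6, 30)},
]
AD_USERS = [
    {"account": "harryp", "employee_no": "2044"},    # new hire, recycled ID
    {"account": "ronw", "employee_no": "1002"},      # unchanged active user
    {"account": "lunal", "employee_no": "1003"},     # same person returning
    {"account": "nevillel", "employee_no": "2045"},  # ID never used before
]


def classify(ad_users, sap_users, today):
    """Return {user_id: verdict} for each AD account before the sync runs."""
    sap_by_id = {u["user_id"].upper(): u for u in sap_users}
    verdicts = {}
    for ad in ad_users:
        uid = ad["account"].upper()  # compare IDs case-insensitively
        sap = sap_by_id.get(uid)
        if sap is None:
            verdicts[uid] = "create"
            continue
        expired = sap["valid_to"] is not None and sap["valid_to"] < today
        same_person = sap["employee_no"] == ad["employee_no"]
        if same_person:
            # Same owner: either a normal update or a returning employee.
            verdicts[uid] = "rehire-review" if expired else "update"
        else:
            # Different owner: the new person would inherit the old record,
            # including its validity date and anything still attached to it.
            verdicts[uid] = "reuse-expired" if expired else "collision-active"
    return verdicts


if __name__ == "__main__":
    for uid, verdict in classify(AD_USERS, SAP_USERS, date(2012, 4, 16)).items():
        print(f"{uid:10} {verdict}")
```

IDs flagged `reuse-expired` or `collision-active` are the ones to hold back from automatic processing so the old record can be reviewed before a different person takes over the ID.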