Sometimes users change their names. We use Active Directory for PDM login, so when IT updates the users login name in AD and I run "Update Group from AD" it wants to remove the user's old name from group(s) and create new user by new name. In effect it's the same user (person) just a new name, so I would like to keep history and stuff in tact. Do I just live with it or is there a better way?
I found a VAR blog suggesting editing the user login name from SQL. https://www.goengineer.com/blog/editing ... 20updated. Tempting to do that. But I read farther and wondered, well, should I change the name in the registry too or just change in database table and assume something triggers to update the registry?
Does anyone have experience with this they would like to share?
PDM, change user's login name
PDM, change user's login name
There are two places in the archive server registry where PDM stores the login information for vaults on the server. This is because the Login type can be set to use the setting from the server or set to override the server settings to use different settings on a specific vault. Using vault level settings will allow you to do things such as have different users who use the same user name with different passwords for different vaults. These would be stored separately for each vault.
Server level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\
Vault level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\Vaults\<vaultname>\
PDM logins are in ConisioUsers
Windows users and groups defined in the login Settings dialog are in WinUsers
Users that are deleted in the vault are not removed from the archive server registry. This is because it is possible to recover a deleted user account and the registry is storing the user password.
The user name is just a string so it should technically be possible to update the string since the system is going to use the UserID internally to identify the user. For PDM logins, you would also need to change the registry key name for the user so that the system can authenticate the password.
Some things to consider when trying to do something like this is that you may have unintended consequences in other areas where the user name maybe be saved or referenced as a string so it is not using the userid. Some places that come to mind are variable values for Author, Checked by, Approved by, etc. Most often these values are also stored in the files themselves and not just in the PDM database.
Another area that might compare against the username strings is if variable values are used in conditional notifications. Those may also be affected if the value of the variable string no longer matches the value of the username string.
Go to full postServer level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\
Vault level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\Vaults\<vaultname>\
PDM logins are in ConisioUsers
Windows users and groups defined in the login Settings dialog are in WinUsers
Users that are deleted in the vault are not removed from the archive server registry. This is because it is possible to recover a deleted user account and the registry is storing the user password.
The user name is just a string so it should technically be possible to update the string since the system is going to use the UserID internally to identify the user. For PDM logins, you would also need to change the registry key name for the user so that the system can authenticate the password.
Some things to consider when trying to do something like this is that you may have unintended consequences in other areas where the user name maybe be saved or referenced as a string so it is not using the userid. Some places that come to mind are variable values for Author, Checked by, Approved by, etc. Most often these values are also stored in the files themselves and not just in the PDM database.
Another area that might compare against the username strings is if variable values are used in conditional notifications. Those may also be affected if the value of the variable string no longer matches the value of the username string.
Re: PDM, change user's login name
I had to changed all our user names to cope with domain mIgration editing the sql table during server maintenance to avoid to lose all history of our legacy users
1.Close the vault for maintenance so no one could try to log in
2.Open the SQL management studio
3.Expand the tables and locate dbo.users table under your vault DB
4.right click edit the first 200 lines
5.Edit the username column
Backup the DB before this operation just in case.
You must add the new AD user to the access list in the PDM archive server settings otherwise the user has no access to the vault.
1.Close the vault for maintenance so no one could try to log in
2.Open the SQL management studio
3.Expand the tables and locate dbo.users table under your vault DB
4.right click edit the first 200 lines
5.Edit the username column
Backup the DB before this operation just in case.
You must add the new AD user to the access list in the PDM archive server settings otherwise the user has no access to the vault.
Re: PDM, change user's login name
What registry entry is of you concern?
Server side entries like usercache should be recreated.
You need to allow the access from AD adding the new user names you modified in the db in the archive server as well.
Server side entries like usercache should be recreated.
You need to allow the access from AD adding the new user names you modified in the db in the archive server as well.
Re: PDM, change user's login name
Thank you. I don't know if it should even be a concern. In the link below they go on to talk about removing a login name from the registry on the archive server. You make it sound like that is cache that is loaded/refreshed automatically. I guess if old logins are not automatically flushed from that registry and there is a conflict then there is a need to manually remove that old login from registry?
This image from the linked page is what I was talking about:
- jcapriotti
- Posts: 1869
- Joined: Wed Mar 10, 2021 6:39 pm
- Location: The south
- x 1215
- x 1999
Re: PDM, change user's login name
I don't have any users except "admin" there. Our PDM is linked to our old AD username and password. Since we've gone to Azure AD, I'm now in the process of going to PDM only logins. This requires that I rename the username in the "Users" table to a new name, then we set a password for each user. This does create a new user registry entry similar to what you show but its down under "Vaults\<Vaultname>\ConisioUsersbnemec wrote: ↑Thu Mar 21, 2024 12:37 pm Thank you. I don't know if it should even be a concern. In the link below they go on to talk about removing a login name from the registry on the archive server. You make it sound like that is cache that is loaded/refreshed automatically. I guess if old logins are not automatically flushed from that registry and there is a conflict then there is a need to manually remove that old login from registry?
This image from the linked page is what I was talking about:
image.png
Jason
Re: PDM, change user's login name
The registry saves both AD and PDM users, name for both and hashed passwords for the latter.
Unless you have to move one user from AD login to PDM login you could avoid touching the registry.
for my test server I did both as Ido not wanted to use AD login over there.
Edit:
I saw the attachment and it seems you have pdm logins too?
do you use mixed logins? AD and PDM?
Unless you have to move one user from AD login to PDM login you could avoid touching the registry.
for my test server I did both as Ido not wanted to use AD login over there.
Edit:
I saw the attachment and it seems you have pdm logins too?
do you use mixed logins? AD and PDM?
- jcapriotti
- Posts: 1869
- Joined: Wed Mar 10, 2021 6:39 pm
- Location: The south
- x 1215
- x 1999
Re: PDM, change user's login name
Not initially until they added the option (2020?). Then i just had some test users as PDM logins. Now I'm moving all accounts PDM Logins due to our move to Azure.
Jason
Re: PDM, change user's login name
There are two places in the archive server registry where PDM stores the login information for vaults on the server. This is because the Login type can be set to use the setting from the server or set to override the server settings to use different settings on a specific vault. Using vault level settings will allow you to do things such as have different users who use the same user name with different passwords for different vaults. These would be stored separately for each vault.
Server level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\
Vault level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\Vaults\<vaultname>\
PDM logins are in ConisioUsers
Windows users and groups defined in the login Settings dialog are in WinUsers
Users that are deleted in the vault are not removed from the archive server registry. This is because it is possible to recover a deleted user account and the registry is storing the user password.
The user name is just a string so it should technically be possible to update the string since the system is going to use the UserID internally to identify the user. For PDM logins, you would also need to change the registry key name for the user so that the system can authenticate the password.
Some things to consider when trying to do something like this is that you may have unintended consequences in other areas where the user name maybe be saved or referenced as a string so it is not using the userid. Some places that come to mind are variable values for Author, Checked by, Approved by, etc. Most often these values are also stored in the files themselves and not just in the PDM database.
Another area that might compare against the username strings is if variable values are used in conditional notifications. Those may also be affected if the value of the variable string no longer matches the value of the username string.
Server level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\
Vault level location: HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\Applications\PDMWorks Enterprise\ArchiveServer\Vaults\<vaultname>\
PDM logins are in ConisioUsers
Windows users and groups defined in the login Settings dialog are in WinUsers
Users that are deleted in the vault are not removed from the archive server registry. This is because it is possible to recover a deleted user account and the registry is storing the user password.
The user name is just a string so it should technically be possible to update the string since the system is going to use the UserID internally to identify the user. For PDM logins, you would also need to change the registry key name for the user so that the system can authenticate the password.
Some things to consider when trying to do something like this is that you may have unintended consequences in other areas where the user name maybe be saved or referenced as a string so it is not using the userid. Some places that come to mind are variable values for Author, Checked by, Approved by, etc. Most often these values are also stored in the files themselves and not just in the PDM database.
Another area that might compare against the username strings is if variable values are used in conditional notifications. Those may also be affected if the value of the variable string no longer matches the value of the username string.
-- To espouse elucidation we must eschew obfuscation