Cannot add a user with the same login name as a deleted user to a Discovery Accelerator Role

Article ID: 100074236

Description

Error Message

None.

Cause

DA identifies a user by login name, i.e. the LDAP sAMAccountName, rather than by the account's SID or objectGUID. When a user's AD account is deleted, the entry for that login name remains in the DA Customer database. If a new AD account is then created with the same login name, DA resolves it to the existing entry for the deleted user, and the login name is not associated with the new AD user.

Resolution

DA normally allows a login name to be re-used 30 days after the original user account's deletion. If a new user with the same login name must be added to a Role inside that 30-day window, the remediation is to edit the affected user's entry in the Customer database so that it is marked as deleted from AD, which lets the new user be selected for Role Assignments. Because DA keys on the reusable login name rather than on the AD SID, a user logging in with that login name would resolve to the existing entry and the Role Assignments it holds, so check which Roles the existing entry already carries before proceeding.

Edit the login names in the queries below as indicated, then run them against the DA Customer database one at a time and export each result set to a spreadsheet (right-click in the results pane | Select All | right-click in the results again | Copy with Headers | paste into a new worksheet in Excel):

1. Obtain the information for the login name in question. The LIKE wildcards are deliberate so that domain-prefixed forms such as DOMAIN\rsmith are returned, but they also match any login containing the string (e.g. mrsmith), so check the PrincipalLogin column of every returned row:

DECLARE @UserLogin nvarchar(100) = 'rsmith'; -- Edit login name in question here
SELECT [Customer_Database] = db_name(), *
FROM tblPrincipal
WHERE PrincipalLogin LIKE '%' + @UserLogin + '%'
ORDER BY PrincipalID;

2. Obtain the information for the user making the database change (this can be the Vault Service Account):

DECLARE @UserLogin nvarchar(100) = 'vsa'; -- Edit login name for user making the change here
SELECT [Customer_Database] = db_name(), *
FROM tblPrincipal
WHERE PrincipalLogin LIKE '%' + @UserLogin + '%'
ORDER BY PrincipalID;

Then contact Technical Support, providing the output of both queries, so that the entry can be reviewed and the applicable remediation steps compiled.

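Before raising the case it is worth confirming the precondition described under Cause: that a live AD account and a deleted AD account share the login name, and how recently the deletion happened relative to DA's 30-day window. The following PowerShell check is an added example; it is not part of this article or of the Discovery Accelerator product. It assumes the RSAT ActiveDirectory module, that the domain's AD Recycle Bin is enabled (so deleted users retain sAMAccountName and objectSid), and that the caller can read the Deleted Objects container. The script and parameter names are the author's own.

```powershell
<#
  Added example, not from the article or the DA product.
  Confirms that a live AD account and a deleted AD account share a login name
  (the key DA uses for tblPrincipal) and reports whether the deletion falls
  inside the 30-day window the article describes.
  Assumes: RSAT ActiveDirectory module; AD Recycle Bin enabled so deleted
  objects keep sAMAccountName and objectSid; rights to read Deleted Objects
  (Domain Admins by default).
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [string]$SamAccountName,          # login name in question, e.g. 'rsmith'

    [int]$WindowDays = 30             # DA re-use window, per the article
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. The live account that DA's Add User dialog will list.
$live = Get-ADUser -Filter { sAMAccountName -eq $SamAccountName } `
                   -Properties objectSid, whenCreated, distinguishedName
if (-not $live) {
    Write-Warning "No live AD user with sAMAccountName '$SamAccountName' was found."
}

# 2. Deleted account(s) that carried the same login name. whenChanged on a
#    deleted object is effectively its deletion time.
$deleted = Get-ADObject -Filter { sAMAccountName -eq $SamAccountName -and isDeleted -eq $true } `
                        -IncludeDeletedObjects `
                        -Properties sAMAccountName, objectSid, whenChanged, lastKnownParent
if (-not $deleted) {
    Write-Host "No deleted AD object with sAMAccountName '$SamAccountName' found; the collision described in the article does not apply."
    return
}

# 3. One row per deleted object: distinct SIDs confirm two different AD
#    identities that DA nevertheless keys to a single tblPrincipal entry.
foreach ($d in $deleted) {
    $daysSinceDeletion = [int]((Get-Date) - $d.whenChanged).TotalDays
    [pscustomobject]@{
        SamAccountName     = $SamAccountName
        LiveAccountDN      = $live.DistinguishedName
        LiveAccountSid     = $live.ObjectSid.Value
        LiveAccountCreated = $live.WhenCreated
        DeletedObjectSid   = $d.ObjectSid.Value
        DeletedFrom        = $d.lastKnownParent
        DeletedOn          = $d.whenChanged
        DaysSinceDeletion  = $daysSinceDeletion
        InsideDAWindow     = ($daysSinceDeletion -lt $WindowDays)
        SameSid            = ($null -ne $live -and $live.ObjectSid.Value -eq $d.ObjectSid.Value)
    }
}
```

Saved as, for instance, Find-DALoginCollision.ps1 (a name chosen here, not a product script) and run as `.\Find-DALoginCollision.ps1 -SamAccountName rsmith`, it prints one object per deleted account that carried the login name. InsideDAWindow being True with SameSid False is exactly the situation the article describes: two distinct AD identities, the newer of which DA cannot add because the older still owns the login name in the Customer database. The output can be attached to the support case alongside the query results above.
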
Issue/Introduction

Access to Enterprise Vault (EV) Discovery Accelerator (DA) is controlled by Roles Based Administration (RBA): a user must be assigned to a Role that carries the applicable permissions before they can use DA. Roles are assigned at the Application level for administrative functions, at the Case level for Case-based functions, or at the Research Folder level for Research Folder-based functions.

If a user with a given login name is deleted from Active Directory (AD) and a new user is created with the same login name shortly afterwards, the new user is listed when clicking Add User in the Role Assignment tab, but is not actually added: the only Roles offered for that user are the ones not already associated with that login name.

For example, user Robert Smith, login name rsmith, is assigned the Admin Role in a Case. He leaves the company and his AD account is deleted. Richard Smith joins the company the next day as Robert's replacement and is also given the login name rsmith. Clicking Add User in the Case's Role Assignment tab lists Richard's account, but selecting it displays a Roles pane in which the Admin Role is missing while Regulatory Reviewer (and any other custom Case-scope Roles) are listed. The Admin Role is hidden because DA still holds it against the rsmith entry created for Robert, which indicates that the new Role Assignment would be recorded against that entry, not against a separate entry for Richard.