Re: Batch Import - Change Organization Group: Move...

NarithVann · ‎01-01-2019

Trying to bulk move a few users who have been added into the wrong default enrollment organisation group.
Is it possible to move Directory users?

Or can we only bulk move Basic users? The user's are definitely sitting in the 'given' location group ID.
I am also in the right/highest organisation group level.

ERROR: This user was not found at the given location group or is not a basic user

LiorAbel · ‎01-09-2020

I've been wondering about this too. Were you able to find a solution?

EricPlent · ‎01-14-2020

I have tried this as well but had no luck. Please share if you do find a way to make this work.

RichB2u2 · ‎01-14-2020

Our Active Directory users are all always at the top level OG but devices are enrolled at sub-OG's and can be moved around to other sub-OG's.

yajimad · ‎01-14-2020

Hi Narith,

Directory users will always be managed by an organization group which we set up Directory Services(under Groups & Settings > All Settings > System > Enterprise Integration).
We can see which organization manages an user the attribute ' Managed By' on a user details page.
We cannot change 'Managed By' of a directory user without delete/re-create the user.

Added: I add an example of step to change 'Managed By' attribute of a directory user as below:

An user account belongs to OG-A. Its 'Managed By' is OG-A.
We create a child OG named OG-B.
On OG-B, go to Groups & Settings > All Settings > System > Enterprise Integration and change "Current Setting" to "Over ride"
Click [Skip wizard and configure manually] and confirm that the setting same as OG-A appears, then [save]
Then we can add a user on OG-B from directory. The added user has OG-B as 'Managed By' value.

We can see the enrollment organization group of a user by checking ' Enrollment Organization Group' attribute on a user details page too.
We can change the value of ' Enrollment Organization Group' on a directory user without delete/re-create the user.

The template of ' Change Organization Group' changes ' Managed By' of a basic user.
So we cannot use the template to make changes to directory users.

returaxel · ‎06-23-2020

Hi,

I will bump this thread as I have a similar; issue where we are making changes to active directory and my directory user groups are to be obsoloete.

These users have device assignments at the moment.

As there seems to be no way of changing the source organisation group on a Directory User - and the only option is to delete/re-create. What will the implication be for the device assignments?

Does ws1 map the "new" (re-created) users to their old devices or is this data lost with this org change?

yajimad · ‎06-24-2020

Does ws1 map the "new" (re-created) users to their old devices or is this data lost with this org change?

WS1 does not keep a relationship between a device and an user through deletion/re-creation of the user account.

So we usually re-enroll the device with a new re-created user account.

returaxel · ‎06-24-2020

I've done some tests to figure out if I can leave the current users intact when moving ou structure...

I deleted the LDAP Groups that were used to import AD users to WS1
- When the groups were deleted I synchronized directory changes

Seemingly this has not affected the WS1 account in any way. They are still active. I know there are rules for inactivating the users when they are removed from the LDAP group but this is not set.

Move automatically with new LDAP group / Group mapping

The Enrollment Is set to only place users in the org at first sync. So for me to move all the current users with group membership, i would have to:

Change Apply mapping on enrollment only to <no> (Devices & users: General: Enrollment: Grouping)
Synchronize the new Group from AD
Set the Priority higher than the current ones for Enrollment Organization to change

Manually move directory users within WS1?

However from a directory user i can go to <Edit: Enrollment (expand)> and change the Enrollment Organization Group.

If I read your previous post correctly this would have to be done manually on each user as it's not a valid batch job?

Regardless:

Would you deem it possible to do this rather than removing and having the users deleted/re-created?

For my situation the actual placement of the users does not matter right now. We just want to make sure they are not cut off nor lose their devices when we change their AD location.

yajimad · ‎06-28-2020

The Enrollment Is set to only place users in the org at first sync. So for me to move all the current users with group membership, i would have to:
    Change Apply mapping on enrollment only to <no> (Devices & users: General: Enrollment: Grouping)
    Synchronize the new Group from AD
    Set the Priority higher than the current ones for Enrollment Organization to change
Manually move directory users within WS1?
However from a directory user i can go to <Edit: Enrollment (expand)> and change the Enrollment Organization Group.
If I read your previous post correctly this would have to be done manually on each user as it's not a valid batch job?

I talked about batch template as per the first question of this thread and did not mention the function you pointed.

We can change the organization group of existing devices the method you mentioned and this is a valid function of WS1 UEM.

Please note: (Devices & users: General: Enrollment: Grouping) does not change the "Enrollment Organization Group" attribute of each user accounts.

Regardless:
Would you deem it possible to do this rather than removing and having the users deleted/re-created?

I have tested on my environment and confirmed that I could change the organization group of existing devices without having the users deleted/re-created.

Thanks

All

Batch Import - Change Organization Group: Move user to a different Organization Group.

Device Management