Relinking users

When creating a user in ShareFile using the User Management Tool (UMT), a GUID is added to the users and distribution groups which “links” that user or group to Active Directory (AD). This GUID is used as an anchor so that if a user’s information, such as their name or email address, is changed in AD, then it is also updated in ShareFile. However, in a few scenarios, such as changing domains where your existing AD linked user or group is created as a new user or group in the new domain, you must relink the user or group using the UMT.

Only UMT versions 1.8.1 and later and UMT for PBA versions 1.11 and later support relinking users.

AD Link Reset Mode is a special operating mode in the UMT which allows the UMT to update the AD GUID that maps a user or distribution group to the corresponding AD user or group. (When in normal operating mode, UMT does not update this field once it has been set.) This GUID-based link is normally set by UMT when a user or group is either initially created from AD or when an existing ShareFile user is associated with an AD user using email matching.

AD Link Reset Mode is only available in the UMT UI application. Scheduled jobs do not run while UMT is in AD Link Reset Mode - they exit with an appropriate exit code and log message - before processing any rules. Also, any other UMT UI instances are prevented from executing (on machines / Windows users other than the one on which the mode was enabled).

Once UMT has been placed in AD Link Reset Mode, it does not exit AD Link Reset Mode until the rules have been refreshed on the Rules tab and any relink actions have committed successfully.

UMT resets AD links based on existing user and group rules, and only updates links of existing users and groups that already have the AD GUID field set. While in AD Link Reset Mode, UMT does not make any other changes to ShareFile users or groups, it only updates the AD GUID link.

UMT also prevents any other changes to rules or configuration changes while in AD Link Reset Mode. Unavailable functionality is disabled and grayed in the UI. Unavailable functionality includes but is not limited to the following:

All Versions:

  • Creating rules
  • Editing existing rules
  • Scheduling jobs using the Schedule button on the Rules tab

v 1.11:

  • Reordering rule priority
  • Search tab

v 1.8.1:

  • Users tab
  • Groups tab
  • Zones tab
  1. Disable any scheduled UMT jobs in Windows Task Scheduler.

  2. Launch the UMT, sign in to the new domain and create the correct user and group rules. Do not commit the rules yet.

  3. Close the UMT.

  4. Add the following AD Link Reset Mode Registry Key.

Note:

If you are using more than one UMTs in your environment, you only need to add the Registry Key to one machine and run the AD relinking from that machine.

  HKEY\_CURRENT\_USER\\SOFTWARE\\Citrix\\ShareFile\\UMT
  String Value
  Name: EnableADLinkReset
  Data: you can leave this blank
<!--NeedCopy-->

5. Launch the UMT and log into the new domain.

A message displays letting you know that your UMT is in AD Link Reset Mode. If another user logs into a different machine and launches the UMT, they receive a message letting them know that the account / UMT is in AD Link Reset Mode and which machine (via Machine Name) is the one performing the AD Link Reset.

6. Navigate to the Rules tab, click Refresh, and then Commit now. The users who are relinked have the words Reset User Link next to their email address in the Actions column.

7. If the relink was successful, a success message appears. You can exit the UMT (upon exiting, the EnableADLinkReset key is removed if the relinking was successful).

8. Launch the UMT again and sign in to the new domain and begin using the UMT in normal operating mode.

At this point, you might want to reconfigure any scheduled tasks to point to the new rules.

Fixing errors

If you encounter any errors during the relinking process and you need to make a change to the UMT rules to correct the error, follow the below steps to remove the specific machine from being in AD Link Reset Mode:

  1. Close the UMT.

  2. Navigate to the AD Link Reset Mode registry key.

  3. In the data field, add the word False. This removes the specific UMT machine under the current logged in user from being in AD Link Reset Mode.

  4. Relaunch the UMT and continue fixing the misconfigured rules.

  5. Close the UMT.

  6. Navigate to the AD Link Reset Mode registry key.

  7. Delete the world False from the data field.

  8. Relaunch the UMT and continue forward with the AD Link Reset Mode process.

Relinking users