SFB 2015 - Clean up orphan AD attribute from FE SQL Express database for a user

A user who left the company and rejoined, or who was migrated from a resource forest, can end up with an AD SID mismatch in the FE server's SQL Express database. The user may then be unable to sign in to the SFB client. The following steps may help you delete the orphan object and clean the FE database.

Log in to the control panel and delete the user if it exists, commit the changes, and invoke CMS replication (Invoke-CsManagementStoreReplication).

Launch SQL Management Studio from one of the nodes and connect to the FE\RTCLOCAL database instance. Run the following query to find the user's resource ID.

select * FROM [rtc].[dbo].[Resource] where UserAtHost like 'testuser1%'

Make a note of the resource ID and find the user's AD object ID by running the following query.

Select * from rtc.dbo.ResourceDirectory where ResourceId = 1002

Run the following SQL query to confirm the AD object ID for the user. Replace the UserAtHost value and the AD GUID with your own, as shown below.

select aom.AdObjectGuid
from rtc.dbo.ResourceDirectory as rd
inner join rtc.dbo.Resource as r on (r.ResourceId = rd.ResourceId)
inner join rtc.dbo.AdObjectMap as aom on (rd.AdObjectId = aom.AdObjectId)
where r.UserAtHost = 'user@domain.com'
--and aom.AdObjectGuid <> '094C0E7C-45ED-4A06-8C4A-7112177D4B41'

Then delete the stale entry from all FE servers, one by one. Run the following command, entering the user's AD object ID as input:

exec rtc.dbo.UrDeleteResource '2151ABFA-226E-4068-BB96-53C75989E7B8',0,0

Enable the user again and check whether the user can sign in to the SFB client successfully.
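
Before deleting anything, it helps to know which FE servers actually hold a stale mapping. The following read-only check is an added example, not part of the original post: it runs the join query from above against the RTCLOCAL instance on every FE in a pool and compares the stored AdObjectGuid with the user's current AD object. The pool FQDN, UPN and SIP address are placeholders, and it assumes the ActiveDirectory, SkypeForBusiness and SqlServer modules are installed and that AdObjectGuid corresponds to the AD objectGUID.

```powershell
# Added example (not from the original post): read-only check, nothing is modified.
# $PoolFqdn, $Upn and $UserAtHost are placeholders; replace them with your own values.
$PoolFqdn   = 'pool01.domain.com'
$Upn        = 'user@domain.com'
$UserAtHost = 'user@domain.com'

# The value is substituted into the query text, so accept only a plain SIP address.
if ($UserAtHost -notmatch '^[\w.\-]+@[\w.\-]+$') { throw "Unexpected UserAtHost: $UserAtHost" }

Import-Module ActiveDirectory, SkypeForBusiness, SqlServer

# GUID of the user's current AD object.
$adUser = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'"
if (-not $adUser) { throw "No AD user found for $Upn" }

# Same join as the query in the post; $(UserAtHost) is filled in by -Variable.
$query = @'
select r.ResourceId, aom.AdObjectGuid
from rtc.dbo.ResourceDirectory as rd
inner join rtc.dbo.Resource as r on (r.ResourceId = rd.ResourceId)
inner join rtc.dbo.AdObjectMap as aom on (rd.AdObjectId = aom.AdObjectId)
where r.UserAtHost = '$(UserAtHost)'
'@

foreach ($fe in (Get-CsPool -Identity $PoolFqdn).Computers) {
    $rows = @(Invoke-Sqlcmd -ServerInstance "$fe\RTCLOCAL" -Query $query `
                            -Variable "UserAtHost=$UserAtHost")
    if ($rows.Count -eq 0) {
        "{0}: no entry for {1}" -f $fe, $UserAtHost
        continue
    }
    foreach ($row in $rows) {
        # Assumption: AdObjectGuid holds the AD objectGUID of the mapped account.
        $state = if ([guid]$row.AdObjectGuid -eq $adUser.ObjectGUID) { 'matches AD' } else { 'STALE' }
        "{0}: ResourceId {1}, AdObjectGuid {2} -> {3}" -f $fe, $row.ResourceId, $row.AdObjectGuid, $state
    }
}
```

Run it with an account that has read access to each RTCLOCAL instance. If remote connections to the instance are blocked, run the query locally on each FE instead.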
