Known Issue: Duplicate Key error attempting to import Active Directory Users

Liz Sanderson
Liz Sanderson
  • Updated

FME Version

  • FME 2020.0
Known Issue ID FMESERVER-14730
Discovered 2020.0
Affects 2020.0
Resolved 2020.0.2

Symptom 

In FME 2020.0 when trying to browse Active Directory to add new users to FME Server a ‘Duplicate Key <username>’ error pops up in the left-hand corner and the user import cannot be completed. 


‘Duplicate Key <username>’ error whilst attempting to import Active Directory Users

 

Cause

This issue will be present if the following conditions have been met: 

  1. You performed a restore on FME Server that contained existing Active Directory accounts, and
  2. Some Active Directory accounts have been renamed, moved, or deleted
    • Renamed: Name change or correction
    • Moved: Account was moved from one organizational unit (OU) to another OU
    • Deleted: Account was removed

 

Workaround

To remedy the issue without updating FME Server:

  1. Remove the duplicate user account(s) from FME Server via the Web UI
  2. If the account(s) causing the problem was a renamed/moved account you can then re-import these to FME Server.


If there are multiple user accounts causing a problem, these will not all be listed in the error message, if you are having trouble working out which user accounts are causing the error you can use the REST API to fetch a full list of distinguished names and then work with your IT team to identify any discrepancies in this list:

  1. Retrieve all Active Directory user accounts via the API GET /security/accounts and filter by the field type equal to Ldap. 
  2. Retrieve Active Directory info for each user account via the API GET /security/accounts/{name}/ldap, substituting {name} with the name retrieved in (1). Each Active Directory info has a field distinguishedName that should match a pattern CN=...,OU=...,DC=...
  3. Ask your IT department to compare the distinguished names (DNs) with the Users on the Domain Controller to look for differences, or use a tool like ADExplorer.exe to identify the renamed, moved, or deleted accounts

The ADUsers.fmw workspace can be used to help retrieve a list of distinguishedName values for your FME Server Users (step 1-2). 

 

Resolution

This issue has been fixed for FME Server 2020.0.2 and newer. 
 

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.