Overview
There may be instances wherein:
The users are added manually to inSync but require alignment with AD/LDAP directory services for auto-provisioning.
The user GUID attribute in inSync may not match the GUID value specified in the AD/LDAP directory.
To align such users, inSync uses the GUID attribute from your AD/LDAP directory to validate and sync the users with your directory.
In such scenarios, you can edit the user GUID attributes if the user provisioning method is set as AD/LDAP in inSync.
❗ Important
The provisioning method changes to AD/LDAP when you update the GUID attribute for users added manually.
The provisioning method changes to manual when you delete the GUID for a user.
Key considerations
You can update the GUID only if the provisioning method is set as AD/LDAP.
Use the unique GUID attribute for the user available in AD/LDAP directory.
The provisioning method changes when you update or delete the GUID attribute for a user.
In case of a GUID attribute without custom unique identifier for LDAP, the value must be in hex format only. To know more about converting GUID formats, see Convert AD GUID.
Procedure
To update the user GUID Attribute:
On the Endpoints console, select Users.
Select the user to go to the respective User details page.
Click Edit in the Summary section. The EditUser window appears.
Update the GUID field in hex digit format with the attribute available in your AD/LDAP directory and click Save.
After updating, the action is captured in Admin audit trails.