When Contractors Become Full-Time Employees (Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide)

Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Previous: Moving Users Between Active Directory Organizational Units
Next: Chapter 3 Case Study: Deploying in a High-Availability Environment Over a Wide Area Network Using SSL

When Contractors Become Full-Time Employees

When a contractor becomes a full-time employee, the special c- prefix is removed from the person's login name. The new full-time employee is now in SUL for the first time, and the entry will be interpreted as being new even though it was not recently created. If the contractor has an Active Directory entry that is modified, Identity Synchronization for Windows will attempt to create the entry in Directory Server.

The following table provides the guidelines for handling contractor accounts when they become full-time employees.

Table 2–3 Guidelines for Transitioning Contractor to Employee Accounts


Active Directory Account	Directory Server Account	Creating Linked Entries in Active Directory and Directory Server
No account	No account	This kind of situation should not occur because contractors have either an Active Directory or Directory Server account. If it does occur, create a new entry in Active Directory, and Identity Synchronization for Windows automatically creates a new user in Directory Server.
No account	Account	Remove the `c-` prefix from the Directory Server entry’s `uid`. Create a new entry in Active Directory for the new full-time employee. Run `idsync resync` to establish a link for the new full-time employee. Use the `-a` option to limit the scope of the `resync` command to a single user. If a contractor's Directory Server entry is not important, do the following: Delete the Directory Server entry for the contractor, if there is one. Create a new entry in Active Directory. Identity Synchronization for Windows will create the corresponding new user in Directory Server.
Account	No account	Remove the `c-` prefix from the Active Directory entry’s `samaccountname`. Identity Synchronization for Windows will interpret the change as a new user and create the corresponding new user in Directory Server.
Account	Account	Remove the `c-` prefix from the Directory Server entry’s `uid`. Remove the `c-` prefix from the Active Directory entry’s `uid`. Note – If this entry is modified before the Directory Server entry, the contractor will have two Directory Server accounts (the original one and a new one with a `uid` without the `c-` prefix) Run `idsync resync` to establish a link for the new full-time employee. Use the `-a` option to limit the scope of the `resync` command to a single user. If a contractor's Directory Server entry is not important, do the following: Delete the Directory Server entry for the contractor, if there is one. Remove the `-c` prefix from the Active Directory entry’s `samaccountname`. Identity Synchronization for Windows will create the corresponding new user in Directory Server.