We are trying to convert our on-premise Projectwise users to IMS without converting their User Type, which is currently Windows Synchronized.(so basically just add the email to the federated identity tab)
What we are doing are: Get-PWUsersInUserList -UserList Test33 | Convert-PWUserToFederated -DoNotChangeUserType
This changes nothing in the user properties, .. this, however, works:
Get-PWUsersInUserList -UserList Test33 | Convert-PWUserToFederated
But this converts users to Federated authentication, which is exactly what we are trying to avoid.
Something seems to be wrong with the way we use the -DoNotChangeUserType parameter.
PWPS_DAB Version: 18.104.22.168PW server Version: 10.00.03.140
Any ideas on what we are doing incorrectly ?
I don't see how it would be possible to have a federated user that isn't a federated user type. The -DoNotchangeUserType does just that, it keeps the user as its current type, which of course if used, then it means that the user is still the same user type as when you started. I don't know why this parameter exists, but there was probably a good reason, perhaps as a safety measure when processing a list of what are assumed to be federated users and you want to updates some property about those federated users, but if by chance any non-federated users get passed, they don't actually get converted? I'm just speculating here, but I've looked at the code behind that option and if used, it passes "null" to the second parameter to aaApi_ModifyUserExt() in the PW APIs.
You can have "apples" or "oranges", but you cannot have something that is both.
What problem are you trying to solve? Why the desire to have a user who is both?
Dan WilliamsSolution ConsultantBentley Systems, IncorporatedPortland, OR, USA (Pacific Time UTC-08:00)
Our method sounds similar to MortensWe use Active Directory to control the users in groups, sync the groups into the DataSource as Windows Synchronised users, and then give them a federated identity (without changing the type)
This allows a single source of control through Active Directory and the use of IMS logins. I recently noticed issues when trying to use the Convert-PWUserToFederated -DoNotChangeUserType, although I haven't had time to properly find a solution. Keen to see the thoughts on this.
OK, thanks for the information. I will have to investigate what exactly this process involves. I'll leave it to others to help Morten resolve his problem.
Exactly what we are looking to achieve, too.
Could we just insert the users into dms_identity with [o_userno],[o_idname] ?
Answer Verified By: Morten Pathuel Jørgensen
Hi Rene. And thanks.
This seems to be identical to the solution we ended out using, which looks like: