Re-linking users in your ShareFile account
When creating a user in ShareFile via the User Management Tool (UMT), we are adding a specific AD GUID to the ShareFile users and ShareFile Distribution Groups which “links” that user/group to Active Directory (AD). This GUID is used as the anchor so that if a user’s information, such as their name or email address, is changed in AD, then we update it in ShareFile. However, in a few scenarios, such as changing domains where your existing “AD linked” ShareFile user/group is created as a new user/group in the new domain, you would need to re-link the user/group via the UMT. Only UMT versions 1.8.1+ and 1.11+ support re-linking users in your ShareFile account.
AD Link Reset Mode
AD Link Reset Mode is a special operating mode in the UMT which allows the UMT to update the AD GUID in ShareFile that maps a ShareFile User or Distribution Group to the corresponding AD User or Group. (When in “normal” operating mode, UMT does not update this field once it has been set.) This GUID-based link is normally set by UMT when a ShareFile User/Group is either initially created from AD or when an existing ShareFile user is associated with an AD user via email matching.
AD Link Reset Mode is only available in the UMT UI application. Scheduled jobs will not run while UMT is in AD Link Reset Mode - they will exit, with an appropriate exit code & log message - before processing any rules. Additionally, any other UMT UI instances will be prevented from executing (on machines / Windows users other than the one on which the mode was enabled - see below for details).
Once UMT has been placed in AD Link Reset Mode (see below), it will not exit AD Link Reset Mode until Rules have been refreshed (on the Rules tab), and any re-link actions have committed successfully.
UMT will reset AD links based on existing user & group rules, and will only update links of existing ShareFile Users and Groups that already have the AD GUID field set. While in AD Link Reset Mode, UMT will not make any other changes to ShareFile users or groups - it will only update the AD GUID / link in ShareFile.
UMT will also prevent any other changes to Rules or configuration changes while in AD Link Reset Mode; unavailable functionality will be disabled & greyed in the UI. Unavailable functionality includes, but is not limited to the following:
- Creating new Rules
- Editing Existing Rules
- Scheduling Jobs via the Schedule button on the Rules tab
- Re-ordering Rule Priority
- Search Tab
- Users Tab
- Groups Tab
- Zones Tab
How to perform the AD Link Reset via the UMT
Disable any scheduled UMT jobs in Windows Task Scheduler.
Launch the UMT, log into the new domain and create the correct User and Group Rules, however, DO NOT commit those Rules at this point.
Close the UMT.
Add the following AD Link Reset Mode Registry Key.
If you are using more than one UMTs in your environment, you only need to add the Registry Key to one machine and run the AD re-linking from that machine.
HKEY\_CURRENT\_USER\\SOFTWARE\\Citrix\\ShareFile\\UMT String Value Name: EnableADLinkReset Data: you can leave this blank
5. Launch the UMT and log into the new domain
You will see a message letting you know that your UMT is in AD Link Reset Mode. If another user logs into a different machine and launches the UMT, they will receive a message letting them know that the account / UMT is in AD Link Reset Mode and which machine (via Machine Name) is the one performing the AD Link Reset.
6. Navigate to the Rules tab, click ‘refresh’ followed by ‘commit now.’ The users who will be re-linked will have the words ‘Reset User Link’ next to their email address in the actions column.
7. If the re-link was successful you will get a success message, at which point you can exit the UMT (note, upon exiting, the EnableADLinkReset key will be removed if the re-linking was successful)
8. Launch the UMT again, log into the new domain and begin using the UMT in normal operating mode.
At this point, you will want to reconfigure any Scheduled Tasks to point to the new Rules.
If you encounter any errors during the re-linking process and you need to make a change to the UMT Rules to correct the error, such as a User Rule points to a non-existing AD group, etc, follow the below steps to remove the specific machine from being in AD Link Reset Mode:
1. Close the UMT
2. Navigate to the AD Link Reset Mode Registry Key.
- In the data field add the word: False
- This will remove this specific UMT machine, under the current logged in user, from being in AD Link Reset Mode
3. Re-launch the UMT and continue with fixing the miss-configured Rules.
4. Close the UMT.
5. Navigate to the AD Link Reset Mode Registry Key
- Delete the world False from the data field
6. Re-launch the UMT and continue forward with the AD Link Reset Mode process.