Client Field Matching
Entra ID Functionality
Any references to Entra ID on this page refer to new features implemented in HelpMaster versions 24.7 and above. For Entra ID profiles only, Field Matching is locked to Firstname, Lastname, Email to prevent any user matching issues.When the HelpMaster Active Directory (AD) service scans the Windows AD or Entra ID databases for new or matching users, it needs some way to check whether an AD or Entra ID user already exists in the HelpMaster database as a client. This is done by comparing certain fields of the client record in the HelpMaster database with the corresponding fields in AD or Entra ID. Use this screen to instruct the HelpMaster AD service which fields to compare when checking for existing clients.
Function Alert!
This matching pattern doesn’t filter the creation of new clients at all. It is only for checking if any existing HelpMaster clients can be matched to AD or Entra ID users. If there are no clients matching all fields selected, then a new one will be created regardless of the value of these fields in AD or Entra ID. The Query Filter and Create Client Options determine creation filtering.The HelpMaster Active Directory service process
Each time the HelpMaster AD service runs, it will iterate through each of the AD or Entra ID users in the selected OU or group paths, then compare each AD or Entra ID user with all HelpMaster clients using the matching pattern you select from this screen.
-
When a 100% match is found between an AD or Entra ID user and a HelpMaster client, an association between these records will be established rather than creating a new HelpMaster client. This association is then used to keep the client/user in sync with the AD or Entra ID record if the Update existing Clients action is selected. This association records the Windows SID of the Windows AD user (table.column tblUserAccounts.WindowsSID) or Object ID (GUID) of the Entra ID user (table.column tblUserAccounts.AzureObjectID) in your HelpMaster database.
-
If a match is not found, then the HelpMaster AD service assumes that the Windows AD or Entra ID user does not exist in the HelpMaster database, and will therefore create a new HelpMaster client if the Create new Clients action is selected.
As a general rule, use a matching pattern that contains the highest number of fields that you know exist in both your Windows AD or Entra ID data as well as your HelpMaster database. Using a pattern with more fields to match will ensure that the correct HelpMaster client is matched with the corresponding Windows AD or Entra ID user.
Warnings for matching patterns that match on the HelpMaster Client ID and the Active Directory User ID
Three of the matching patterns, match clients using the HelpMaster Client ID to the Windows AD. Care should be taken using these options when you are creating a profile to link existing HelpMaster clients. Remember that the Windows AD user ID may be different to existing HelpMaster client IDs, even though they are they same person. The HelpMaster client ID may have been automatically generated at a previous time using a client ID generation algorithm that does not match up with the way the clients’ Windows AD user ID is stored.
For example, the following table shows the same person, but with a different HelpMaster client ID / AD user name. When such a difference occurs, it is highly recommended not to use any matching pattern that considers the Windows AD user ID. If such a pattern was used, the example record would be seen as different, and a new client for SmithJ would be created in the HelpMaster database.
Field | HelpMaster | Active Directory | Comments |
---|---|---|---|
Client ID / User ID / UPN | JohnS | SmithJ | « note the differences here! |
First Name | John | John | |
Last Name | Smith | Smith | |
john@company.com | john@company.com |
Different profiles, different field matching
Note that it is possible to create multiple HelpMaster Windows AD profiles that have different client field matching options (Not applicable for Entra ID profiles). This may be useful if you need to use one or more of the client matching patterns, or if your Windows AD data contains differing amounts of data for different user fields. If using multiple profiles that each have the Create option checked, please be aware that when a profile cannot establish a match, it will create a new client. To prevent specific AD accounts from being created as clients in HelpMaster, use the Query Filters.
What if the wrong client is matched?
If at any time the wrong HelpMaster client(s) is associated with the wrong AD or Entra ID user, you can manually disassociate the HelpMaster client.
See Also
Working with HelpMaster clients and Active Directory
Working with the Active Directory module
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.