Found another gotcha, also related to the LDAP accounts. Now that all the LDAP accounts are “new” users, not linked to their original 8.x LDAP accounts, our operators no longer own or have access to their existing Custom Reports and Scheduled Activities.
I can probably work out the SQL updates to reassign the old reports & activities to the new LDAP accounts, but does anyone have that handy and want to save me a couple hours of recreating it?
UPDATE USER_NAMES
SET LoginName=Substring(LoginName,5,LEN(LoginName)) + '@mydomain.gov',LdapID= 34, DatabaseID= -1995325477, ADGuid= NULL
WHERE LoginName LIKE 'MYDOMAIN\%'
(MYDOMAIN\ is 5 characters long, hence the Substring() length of 5)
edit: LdapID and DatabaseID are very likely specific to my environment. I retrieved these numbers by configuring an LDAP role, then logging on with several new LDAP users to determine that LdapID and DatabaseID are the same, at least for multiple users from the same LDAP identity source.
Good hackery. You essentially added an LDAP user migration to the new model with your Web Reports server migration. Thus the additional steps required. Alternatively, you could have reverted the newly installed Web Reports to the old style AD support by setting “UseLegacyADLogin” to 1 in HKLM\Software\BigFix\Enterprise Server\BESReports and restarting the WR service. That would have allowed your pre-existing WR users to work.