We have a new corporate policy which requires all usernames to be in a different standard format to what it used to be. Previously it was first name first initial + surname (jdoe) now it's first name + . + surname (john.doe).
I've changed an existing account in AD to the new format but the Sophos does not recognise the name change and instead creates a brand new user. Almost as though Sophos is linking users on username instead of their GUID. Surely this can't be the case.
I've got 150 users all set up and working with MFA and SSLVPN already. Having to create this all again from scratch would be a nightmare.
Any suggestions?
Firewall is unaware of user GUID and thus the creation of a new user is what I expect and have experienced here.
You can check the current UPN threads here. It's a bit of a pain that you now need to
1. recreate MFA
2. recreate SSLVPN connection
3. recreate permissions inside SFOS (Admin users, Wifi Hotspot users)
Otherwise: think of the current user MFA and how it is shown in your authenticator:
you will see the current username. It would cause confusion too if the actual username were now john.doe and on the authenticator app you saw jdoe. At least this is then a unique new entry in the authenticator app.
Thanks for the reply.
The new username replicated throughout Office 365 and every single SSO app without any problem or interruption to any service. The only thing that broke was Sophos SSLVPN. Such a terrible design to link AD users on the username instead of the unique GUID. As you said, will need to reconfigure everything.
Big job coming up.
Big job coming up.
so true!
Fingers crossed you only have one or two UPN domains.