If you have your Windchill server instance setup to authenticate users against your Active Directory (AD) you will need to keep an eye on your disconnected principals (Site – Utilities – Principal Administrator – Maintenance). Disconnected principals are AD accounts that have been deleted or disabled, and Windchill is letting you know that it is unable to associate records in the WTUser table to an active AD account.
If this que is left untouched it can cause your system to behave abnormally. So it’s a good thing to check this que at least once a week. If you are seeing accounts showing up here that means that their AD accounts have been either deleted or disabled. In the past I have seen Windchill mark an active account as being a disconnected principal. The following steps will help you resolve this issue.
First, you will need to get the idA2AS number of the account in questions. The idA2A2 is the unique identifier for each record in the WTUser table. The following script will get you the idA2A2 for the records in question:
select idA2A2,name, repairNeeded from wtuser.WTUser
where repairNeeded = 1
The results from the script should match what is showing from the principal pal administrator screen.
Now to update the record so that it’s not longer a disconnected principal.This script will update record in the WTUser table to no longer be a disconnected principal:
repairNeeded = 0
where idA2A2 = idA2A2_from_previous_script
After the script is executed refresh the disconnected principals page in Windchill. The account in question should disappear. repeat the update script for each disconnected principal that you wish to correct. If you have any questions about this steps above feel free to email me.