Dist Management in Combination with Active Directory
Re-sorting/Synchronization of Users without Lost of History
To avoid this problem, use the config entries "lowestUserId in the [auth] section and firstLoginEnabled in the [distsync]
section. Therefore, the workaround described below is not required.
Problem (with the aid of a simple example):
A distributed system consists of two WinCC OA projects that are connected to each other and to a an Active Directory.
Active Directory Server Existing User: |
---|
Testuser1 |
Testuser2 |
Testuser3 |
WinCC OA Dist System1
|
WinCC OA Dist System2
|
Based on the logins, the following WinCC OA users are created on both systems:
System1 (User name) |
System1 (WinCC OA user ID) |
System2 (User name) |
System2 (WinCC OA user ID) |
---|---|---|---|
Testuser1 | 1 | Testuser3 | 1 |
Testuser2 | 2 | Testuser1 | 2 |
Testuser3 | 3 | - | - |
When, for example, the Testuser1 logs in to the System2 with a user interface, sets a value (e.g. flow rate), the value is archived in the System2 with the user ID 2.
If a historical query is executed from a user interface that is opened directly on System2, the query returns that the user with the ID 2 (meaning "Testuser1" on the system 2) set the value.
If you open a user interface directly on System1, that executes a historical query of the setpoint value of System2, the query returns that the user with the ID 2 set the value. The ID 2 is interpreted for the display (e.g. analyze table) on the basis of the local users on the System1. Therefore, the Testuser2 would erroneously be shown as the user who set the setpoint value.
In order to avoid this behavior, the WinCC OA users must be identical (name, order/ID) on all distributed systems of a distributed group.
Therefore, use the WinCC OA feature Dist-Management that allows you to synchronize the WinCC OA users in a distributed group.
Therefore, specify one system of the group as a "Master" (like a master template). All other systems are synchronized with the data from this master system (one way, this means everything is overwritten on the other systems).
In the example above, the System1 would be specified as a "MASTER" since everything is correct on the master and is therefore used as a reference.
Before Synchronization:
System1 (MASTER) (User name) |
System1 (MASTER) (WinCC OA User ID) |
System2 (User name) |
System2 (WinCC OA User ID) |
---|---|---|---|
Testuser1 | 1 | Testuser3 | 1 |
Testuser2 | 2 | Testuser1 | 2 |
Testuser3 | 3 | - | - |
After the Synchronization:
System1 (MASTER) (User name) |
System1 (MASTER) (WinCC OA User ID) |
System2 (User name) |
System2 (WinCC OA User ID) |
---|---|---|---|
Testuser1 | 1 | Testuser1 | 1 |
Testuser2 | 2 | Testuser2 | 2 |
Testuser3 | 3 | Testuser3 | 3 |
The users would be identical and a historical query of the user ID 2 would always show the Testuser2 independent of the user interface the query is executed on.
For queries "before the synchronization" this would be incorrect since the above query should associate the Testuser1 with the ID 2 for such historical queries.
Only for queries for the time "after the synchronization" the Testuser2 must be returned for the ID 2.
This problem with historical data can only be solved by separating the ID range of the created users available before the synchronization from the users after the synchronization, on all systems.
The solution is (by using the Dist management and System1 as Master):
At this point you must execute an ASCII export of the original values of the data points _Users, _Groups, _Areas of all systems involved. These exports should be saved for archiving purposes!
WinCC OA Dist System1 (MASTER)
|
WinCC OA Dist System2
|
After this step the following user structure can be found on the systems. The _DeletedUsers remain unmodified on all systems since these were not synchronized through the Dist management.
Data point type |
System1 (MASTER) (User name) |
System1 (MASTER) (WinCC OA User ID) |
System2 (User name) |
System2 (WinCC OA User ID) |
---|---|---|---|---|
_DeletedUsers | Testuser1 | 1 | Testuser3 | 1 |
_DeletedUsers | Testuser2 | 2 | Testuser1 | 2 |
_DeletedUsers | Testuser3 | 3 | - | - |
_Users | Testuser1 | 500 | Testuser1 | 500 |
_Users | Testuser2 | 501 | Testuser2 | 501 |
_Users | Testuser3 | 502 | Testuser3 | 502 |
Future queries of periods AFTER "Date X" will always return the same User/ID combination on all systems and will be shown correctly.
For historical queries the old IDs (with low numbers) are saved in the „_DeletedUsers“ per system and mistakes are impossible. The conclusion of the historically correct user name for the periods "BEFORE Date X" is technically possible. If the archived ID is not found in the active users, it can be queried from the _DeletedUsers.