If I change RT to use Active Directory authentication, how do I move existing users to be AD users?

Since setting up my work’s RT instance four years ago, we’ve used local users. However, I’d very much like to move us to Active Directory authentication instead. My question is: with years of records already in place, how would I make this transition? How would I make sure existing user accounts become their respective AD accounts?

We’ve always used first initial last name as our username scheme, without the @domain.com part, but AD would use the domain. Does the AD authentication plugin have some kind of mapping or automatic transformation? I should say that all users are internal to our company; we don’t use our RT instance for public tickets. Thus, everyone’s AD username is their current RT username with the @domain.com part added to it.

We have our users imported from the AD using LDAP and don’t have to have the @domain.com part in the user’s name in RT. Our logins are also done using SSO (SAML2 via a simpleSAMLphp IdP talking to the AD via LDAP).

No need to have the domain part there. On your attr_map¹ just map ‘Name’ to the relevant AD attribute, which in this case is probably sAMAccountName. You probably have it set to ‘mail’ instead.

In either case, you can rename the user in RT if it exists with a different name. Be aware that login will fail if a user with the same mail but different name already exists.

¹ Set($ExternalSettings, [LDAP => { (…), ‘attr_map’ => …
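A pre-migration check for the caveat in the reply above, as an added example that is not part of the thread: it compares an export of RT users with AD entries and lists the accounts whose mail matches but whose Name differs from sAMAccountName, so they can be renamed before the switch. The sample records, the dict layout, the category names and the case-insensitive matching are assumptions.

```python
# Constructed sample data; replace with your own RT and AD exports.
RT_USERS = [
    {"Name": "jdoe", "EmailAddress": "jdoe@example.com"},
    {"Name": "asmith@example.com", "EmailAddress": "asmith@example.com"},
    {"Name": "bwayne", "EmailAddress": "bwayne@example.com"},
    {"Name": "helpdesk", "EmailAddress": "shared@example.com"},
    {"Name": "olduser", "EmailAddress": "old@example.com"},
]
AD_ENTRIES = [
    {"sAMAccountName": "jdoe", "mail": "jdoe@example.com"},
    {"sAMAccountName": "asmith", "mail": "ASmith@example.com"},
    {"sAMAccountName": "bwayne", "mail": "shared@example.com"},
    {"sAMAccountName": "ckent", "mail": "ckent@example.com"},
]


def plan_migration(rt_users, ad_entries):
    """Classify each AD account against existing RT users (case-insensitive)."""
    by_name = {u["Name"].lower(): u for u in rt_users}
    by_mail = {u["EmailAddress"].lower(): u for u in rt_users if u["EmailAddress"]}
    plan = {"ok": [], "rename": [], "conflict": [], "no_rt_record": []}
    seen = set()
    for entry in ad_entries:
        sam = entry["sAMAccountName"]
        name_hit = by_name.get(sam.lower())
        mail_hit = by_mail.get((entry.get("mail") or "").lower())
        for hit in (name_hit, mail_hit):
            if hit:
                seen.add(hit["Name"])
        if name_hit and mail_hit in (None, name_hit):
            plan["ok"].append(sam)  # RT Name already equals sAMAccountName
        elif name_hit:
            # Name belongs to one RT user, the mail address to another:
            # needs a manual decision before the switch.
            plan["conflict"].append((sam, name_hit["Name"], mail_hit["Name"]))
        elif mail_hit:
            # Same mail, different Name: rename the RT user first.
            plan["rename"].append((mail_hit["Name"], sam))
        else:
            plan["no_rt_record"].append(sam)
    # RT users that matched no AD account by name or mail.
    plan["rt_only"] = [u["Name"] for u in rt_users if u["Name"] not in seen]
    return plan


if __name__ == "__main__":
    for category, items in plan_migration(RT_USERS, AD_ENTRIES).items():
        print(category, items)
```

Accounts under `rt_only` stay local after the switch, so review whether they should keep working passwords.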

Thanks for the replies. I didn’t realize the mapping was so easy to configure; this makes much more sense than how I was thinking it would work. Hopefully I get time to try this out sometime soon.