A user was removed from AD and then re-added, but the logs show on logon 'User already exists.'

Hi.
User ‘ben’ was accidentally deleted from AD and then re-added. Most likely, their UserID changed, causing a Rocket.Chat server issue. I’ve changed ‘ben’ to ‘ben2’ on the Rocket.Chat server, and ‘ben’ can now log in via the domain credentials, though they don’t have access to their old posts (which is expected). Only channels/groups work. Ideally, we’d now change the ownership of ‘ben2’'s messages to ‘ben’. Is this possible?
If that’s not possible, can we change the new ‘ben’'s ID to match the old one, allowing access to previous posts and settings?
Greets

Server Setup Information

  • Version of Rocket.Chat Server: 7.4.1
  • Operating System: Debian 12
  • Deployment Method: tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog: wiredTiger oplog active
  • NodeJS Version: 22.11.0
  • MongoDB Version: 6.0.20
  • Proxy: nginx
  • Firewalls involved: iptables

2025-07-02T16:09:59.866426+02:00 rocketchat rocketchat[704]: {"level":50,"time":"2025-07-02T14:09:59.863Z","pid":704,"hostname":"rocketchat","name":"Data Importer - LDAPUserConverter","err":{"type":"errorClass","message":"Username already exists. [403]","stack":"Error: Username already exists. [403]\n at AccountsServer.insertUserDoc (packages/accounts-base/accounts_server.js:1225:15)\n at processTicksAndRejections (node:internal/process/task_queues:105:5)\n at AccountsServer.Accounts.insertUserDoc (app/authentication/server/startup/index.js:323:14)\n at LDAPUserConverter.insertOrUpdateUser (app/importer/server/classes/converters/UserConverter.ts:241:19)\n at LDAPUserConverter.convertRecord (app/importer/server/classes/converters/UserConverter.ts:53:3)\n at LDAPUserConverter.iterateRecords (app/importer/server/classes/converters/RecordConverter.ts:219:19)\n at LDAPUserConverter.convertData (app/importer/server/classes/converters/UserConverter.ts:64:4)\n at Function.convertSingleUser (server/lib/ldap/UserConverter.ts:51:3)\n at Function.syncUserForLogin (server/lib/ldap/Manager.ts:365:3)\n at Function.addLdapUser (server/lib/ldap/Manager.ts:284:16)\n at Function.login (server/lib/ldap/Manager.ts:53:11)\n at packages/accounts-base/accounts_server.js:593:9\n at tryLoginMethod (packages/accounts-base/accounts_server.js:1560:14)\n at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:592:22)\n at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.ts:9:17)\n at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:654:22)","isClientSafe":true,"error":403,"reason":"Username already exists.","errorType":"Meteor.Error"},"msg":"Username already exists. [403]"}

This is not easy.

This is probably similar

Great. Thanks. I had this message too…
I’m on mongosh.

db.users.find({username: "ben"});

    _id: '5aCHWotmpHjFmb8Jb',
    createdAt: ISODate('2025-07-02T14:12:26.764Z'),
    type: 'user',
    username: 'ben',
    emails: [ { address: 'ben@example.com', verified: true } ],
    name: 'Jan Ben',
    services: {
      ldap: {
        idAttribute: 'objectGUID',
        id: '0521a64f2ef33d4ea79771a225540938'
      },

after are loginTokens, importIds, ldap…

db.users.find({username: "ben2"});

    _id: 'bkrHkhJjeq2rzqrTT',
    createdAt: ISODate('2023-05-30T11:50:41.986Z'),
    services: {
      password: {
        bcrypt: '...'
      },
      ldap: {
        id: '327ed72e9ef9774fb33cbc8418569307',
        idAttribute: 'objectGUID'
      },
      resume: {}
    },
    emails: [ { address: 'ben2@example.com', verified: false } ],
    type: 'user',
    status: 'offline',
    active: true,
    _updatedAt: ISODate('2025-07-02T14:15:20.328Z'),
    roles: [ 'user' ],
    ldap: true,
    username: 'ben2',

Which ID needs to be changed (and how) so that the new “ben” can access his old posts and settings?

I don’t honestly know.

This stuff is super complex.

I’ll try and ask a dev. Please be patient.

Solution:

In mongosh (use rocketchat), then:

db.users.remove({_id: '5aCHWotmpHjFmb8Jb'});

then

db.users.update(
  {_id: 'bkrHkhJjeq2rzqrTT'},
  {
    $set: {
      username: 'ben',
      'emails.0.address': 'ben@example.com',
      'services.ldap.id': '0521a64f2ef33d4ea79771a225540938'
    },
    $unset: {
      'services.password': ''
    }
  }
);

Thanks, Gemini.
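Before running those two statements by hand, it is worth checking that the documents really are the pair you think they are, since moving an objectGUID onto the wrong account hands that person's login to someone else. The following is an added example, not code from this thread or from Rocket.Chat: the planLdapUserMerge function and its otherUsers input are assumptions of the example, and it goes beyond the thread's steps by refusing to act when a third account already holds the username, address or objectGUID being moved.

```javascript
// Added example, not code from the thread or from Rocket.Chat: validate the
// merge of the duplicate LDAP user into the original account before running it.
// Input: the two documents as db.users.find() shows them, plus the other user
// documents, so the checks can spot a third account holding the same identity.
function planLdapUserMerge(freshDoc, originalDoc, otherUsers) {
  const ldapOf = (d) => (d.services && d.services.ldap) || {};
  const fresh = ldapOf(freshDoc);
  const orig = ldapOf(originalDoc);
  const username = freshDoc.username;
  const email = (freshDoc.emails || []).map((e) => e.address)[0];
  const errors = [];

  if (freshDoc._id === originalDoc._id) errors.push("both documents are the same user");
  if (!fresh.id) errors.push("fresh document carries no services.ldap.id");
  if (orig.idAttribute && fresh.idAttribute && orig.idAttribute !== fresh.idAttribute)
    errors.push(`idAttribute mismatch: ${orig.idAttribute} vs ${fresh.idAttribute}`);
  // The document we delete must be the one the login just created, never the
  // one that owns the message history.
  if (!(freshDoc.createdAt > originalDoc.createdAt))
    errors.push("the document to delete is not the newer one");
  if (!username || !email) errors.push("fresh document lacks username or email");

  // Nobody else may already hold the username, address or objectGUID being moved;
  // otherwise the update would hand someone else's identity to this account.
  for (const u of otherUsers) {
    if (u._id === freshDoc._id || u._id === originalDoc._id) continue;
    if (u.username === username) errors.push(`username ${username} also on ${u._id}`);
    if (ldapOf(u).id === fresh.id) errors.push(`ldap id ${fresh.id} also on ${u._id}`);
    if ((u.emails || []).some((e) => e.address === email))
      errors.push(`email ${email} also on ${u._id}`);
  }
  if (errors.length) return { ok: false, errors, statements: [] };

  const update = {
    $set: { username, "emails.0.address": email, "services.ldap.id": fresh.id },
    $unset: { "services.password": "" }, // an LDAP user must not keep a local password
  };
  return {
    ok: true,
    errors,
    update,
    // Ready to paste into mongosh after "use rocketchat".
    statements: [
      `db.users.deleteOne(${JSON.stringify({ _id: freshDoc._id })});`,
      `db.users.updateOne(${JSON.stringify({ _id: originalDoc._id })}, ${JSON.stringify(update)});`,
    ],
  };
}
```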

Nice job!

I had just been told that this was the correct solution.

I believe that there are a number of issues that have similar causes with LDAP, AD, etc and the team have been made aware.

Thanks.