As far as i investigate that after authenticating users Web Sec. is creating a
record on the SQL database and give that record a domain_id and user_id.
After that any web traffic which is requested from this user LDAP query is logged
and associated with that user_id on the MSSQL database.
But when the user is moved to another OU container on the active
directory this user is re-authenticated and a new user and domain id is
created for that record on the websense SQL DB. And new web requests
from that user LDAP query is associated with this new id on the database.
But at the end we have two different records in our hand which were related with the same user. So i
understand that, if a user changes its OU he could have two or more different records on the SQL, so this is why there is multiple different
records on the investigate reports(1 month user report).
Microsoft tech guys had told me that "SAM-Account-Name" is unique for every user, so maybe websense can user it for merging that users ?
Regards,
NSK