Deactivate user when not found on the LDAP import

02-04-2014 03:23 PM
Greetings
Our LDAP management seems to be a lot different than most companies. The out of box deactivation script is looking for the users to go into a specific OU or have a specific field marked. I need a much simpler script. If a user is not found on the AD import and already exists as active on ServiceNow AND was initially imported via LDAP (User Source is not blank), then deactivate.
I am hoping someone might have something very similar I can do some minor adjusting to.
Out-of-box onBefore deactivation script, not being used (part of the LDAP import):
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);
//The relevant digit is the final one
//A final hex digit value of '2' in 'ctrl' means disabled
if (ctrl.substr(-1) == "2") {
  target.active = false;
  target.locked_out = true;
  if (action == 'insert')
    ignore = true;
} else {
  //Optional: Reactivate and unlock the user account
  //target.active = true;
  //target.locked_out = ctrl.substr(-2, 1) == "1";
}
02-07-2014 11:21 AM
Hey Mark,
I cooked this up for you. It is by no means the best way or the fastest. It works in my instance but you will have to tweak it for yours I am sure.
var imp_arr = [], usr_arr = [], i, c = 0, fin = [], aU = new ArrayUtil();
var importr = new GlideRecord('ldap_import');
importr.addQuery('sys_import_set', '74fefb1419369100200f3162d04538c0'); //use a recent ISET sys_id
importr.query();
while (importr.next()) {
  imp_arr.push(importr.u_userprincipalname.toString().toLowerCase()); //pushing upn from AD, normalized email address
}
var user = new GlideRecord('sys_user');
user.addActiveQuery();
user.query();
while (user.next()) {
  usr_arr.push(user.email.toString().toLowerCase()); //normalized email address
}
//gs.print("ldap import list length: " + imp_arr.length);
//gs.print("sys user list length: " + usr_arr.length);
//the following 3 lines are necessary for my instance to normalize the data.
//replacing .net with .com for emails from AD
//the dot is escaped and the pattern anchored so only a trailing ".net" is rewritten
for (var j = 0; j < imp_arr.length; j++) {
  imp_arr[j] = imp_arr[j].replace(/\.net$/, '.com');
}
//gs.print(imp_arr); //uncomment to see contents of the array
//gs.print(usr_arr); //uncomment to see contents of the array
//indexed loop over the active users, checking each one against the ldap list
for (i = 0; i < usr_arr.length; i++) {
  ++c;
  if (aU.indexOf(imp_arr, usr_arr[i]) == -1) { //if value in user is not found in ldap
    fin.push(usr_arr[i]); //push it to the disabled array
  }
}
//gs.print("loops through user array = " + c); //ensuring correct iteration count
gs.print("fin length = " + fin.length);
/*
From here, the fin array should contain what you want.
*/
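
The comparison this thread is after (active, LDAP-sourced users that are missing from the latest import), as an added example that is not part of the original posts and runs as plain JavaScript on constructed records rather than GlideRecord. The function name, the record shape and the 0.5 threshold are assumptions; the two guards refuse to act when the import is empty or would disable an implausible share of accounts, which is what a failed or truncated LDAP load looks like.

```javascript
// Added example: plain JavaScript on constructed data, no ServiceNow APIs.
// planDeactivations, the record shape and the threshold are hypothetical.

// Normalize an identifier so AD and user-table values compare equal.
function normalize(value) {
  return String(value || '').trim().toLowerCase();
}

// importKeys: identifiers seen in the latest import set.
// users: [{ key, active, source }] as stored in the user table.
// maxFraction: refuse to act if a larger share of candidates is missing.
function planDeactivations(importKeys, users, maxFraction) {
  var seen = Object.create(null);
  var seenCount = 0;
  importKeys.forEach(function (k) {
    var n = normalize(k);
    if (n && !seen[n]) { seen[n] = true; seenCount++; }
  });
  // Guard 1: an empty import must never disable anyone.
  if (seenCount === 0) {
    return { ok: false, reason: 'import is empty', deactivate: [] };
  }
  // Candidates: active, LDAP-sourced (source not blank), with a usable key.
  var candidates = users.filter(function (u) {
    return u.active === true && normalize(u.source) !== '' && normalize(u.key) !== '';
  });
  var missing = candidates.filter(function (u) {
    return !seen[normalize(u.key)];
  });
  // Guard 2: a truncated import looks like a mass departure; stop instead.
  if (candidates.length > 0 && missing.length / candidates.length > maxFraction) {
    return { ok: false, reason: 'too many users missing from import', deactivate: [] };
  }
  return { ok: true, reason: '', deactivate: missing.map(function (u) { return u.key; }) };
}

// Constructed sample data.
var sampleImport = ['Alice@Example.com', 'bob@example.com ', 'carol@example.com'];
var sampleUsers = [
  { key: 'alice@example.com', active: true, source: 'ldap:CN=Alice,DC=example,DC=com' },
  { key: 'bob@example.com', active: true, source: 'ldap:CN=Bob,DC=example,DC=com' },
  { key: 'carol@example.com', active: true, source: 'ldap:CN=Carol,DC=example,DC=com' },
  { key: 'dave@example.com', active: true, source: 'ldap:CN=Dave,DC=example,DC=com' },
  { key: 'local.admin@example.com', active: true, source: '' },
  { key: 'erin@example.com', active: false, source: 'ldap:CN=Erin,DC=example,DC=com' }
];

console.log(JSON.stringify(planDeactivations(sampleImport, sampleUsers, 0.5)));
```

In an instance, the two input lists would come from the import set rows and an active `sys_user` query as in the script above, and the returned keys would be reviewed before any record is updated.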

02-07-2014 11:26 AM
Wow
That was super cool of you!
I really do appreciate it. I promise to use it once I tweak it out.
Thank you,
Mark Bailey
ServiceNow Administrator
281.776.6655
05-27-2014 05:02 AM
Mark,
Have you been able to use the script, and can you give feedback about how it worked out?
I'm having the same issue and also have to get started with scripting in this case.
09-12-2014 11:27 AM
Curious also as to how this worked out. Running into the same issue of needing to deactivate users.

09-12-2014 11:29 AM
I have not put it in place so I can't respond.
Thank you,
Mark Bailey
ServiceNow Administrator
281.776.6655