How to deal with deleted users in Active Directory (LDAP)

greggszul
Tera Expert

Hello,

Just recently we have encountered an issue: we've noticed that when a user object is deleted from Active Directory, it is not deactivated in ServiceNow (which is most probably correct, as we don't pull object data to ServiceNow, so there is nothing to update).

So my question is: is there any best practice to deal with such a scenario (user deleted in AD, not deactivated), so we can update our sys_user table correctly?

Thank you!

Mike_R
Kilo Patron

What's your process around deleting AD accounts? If there's already a workflow or KB article, maybe you can add a step to update the sys_user table?

I guess someone deleted it instead of deactivating. So, what we want to do is to prevent our instance from having users who shouldn't be there.

Of course those are corner cases but still, it would be nice to have some workaround in such cases.

Hi,
Are you doing a full load in a day?

Thanks and Regards,

Saurabh Gupta

Michael Everson
Tera Contributor

If the object is being deleted, rather than having its status and/or OU updated, then I think your solution would be to track when the last time was that you saw it in AD and deactivate it after a certain period. You could either look at import set rows or store a timestamp on the user record.

If there is a better way, I'd be interested in learning it.
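Michael's approach above (stamp a last-seen timestamp on the user record, deactivate after a grace period), as an added example in plain JavaScript that is not from this thread. A real implementation would run in a ServiceNow scheduled script over sys_user via GlideRecord; the field u_last_seen_in_ad, the ldap_id key and the 'ldap:' source prefix are assumed names. It also adds a guard the thread does not mention: the run is skipped when the import returns suspiciously few rows, so an LDAP outage is not mistaken for a mass deletion.

```javascript
// Added example (not from the thread): plain-JS model of the "last seen in AD"
// reconciliation. A real ServiceNow scheduled job would run the same logic over
// sys_user with GlideRecord; u_last_seen_in_ad and the ldap_id key are assumed names.
const DAY_MS = 24 * 60 * 60 * 1000;
// ldapIds: identifiers returned by this import run (e.g. objectGUID)
// users: sys_user-like rows {user_name, source, ldap_id, active, u_last_seen_in_ad}
// graceDays: how long a user may be missing from AD before deactivation
// minExpectedRows: refuse to deactivate anyone if the import is suspiciously small
function reconcileLdapUsers(ldapIds, users, now, graceDays, minExpectedRows) {
  const seen = new Set(ldapIds);
  const result = { markSeen: [], deactivate: [], skippedImport: false };
  // Safety check: an empty/partial import (LDAP outage, wrong filter) must not disable every account
  if (seen.size < minExpectedRows) {
    result.skippedImport = true;
    return result;
  }
  for (const u of users) {
    // Only LDAP-sourced users are subject to this rule (assumed 'ldap:' prefix convention)
    if (!String(u.source || '').startsWith('ldap:')) continue;
    if (seen.has(u.ldap_id)) {
      u.u_last_seen_in_ad = now;              // refresh the timestamp
      result.markSeen.push(u.user_name);
      continue;
    }
    if (!u.active) continue;                  // already deactivated
    if (!u.u_last_seen_in_ad) {               // no history yet: start the grace clock
      u.u_last_seen_in_ad = now;
      continue;
    }
    if ((now - u.u_last_seen_in_ad) / DAY_MS >= graceDays) {
      u.active = false;
      result.deactivate.push(u.user_name);
    }
  }
  return result;
}
// Constructed sample: four LDAP users plus a local admin; the import run on
// 2024-03-15 returned only alice and bob. Grace period 7 days.
function runSample() {
  const now = new Date('2024-03-15T00:00:00Z');
  const users = [
    { user_name: 'alice', source: 'ldap:CN=alice', ldap_id: 'g1', active: true, u_last_seen_in_ad: new Date('2024-03-14T00:00:00Z') },
    { user_name: 'bob',   source: 'ldap:CN=bob',   ldap_id: 'g2', active: true, u_last_seen_in_ad: null },
    { user_name: 'carol', source: 'ldap:CN=carol', ldap_id: 'g3', active: true, u_last_seen_in_ad: new Date('2024-03-01T00:00:00Z') },
    { user_name: 'dave',  source: 'ldap:CN=dave',  ldap_id: 'g4', active: true, u_last_seen_in_ad: new Date('2024-03-13T00:00:00Z') },
    { user_name: 'admin', source: '',              ldap_id: '',   active: true, u_last_seen_in_ad: null },
  ];
  return reconcileLdapUsers(['g1', 'g2'], users, now, 7, 2);  // → deactivate: ['carol']
}
```

Carol has been absent for 14 days and is deactivated; dave has been absent for only two days and keeps his account until the grace period runs out.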