How to set disabled Active Directory users to inactive in SNOW

Binu6
Tera Contributor

Hello,

What is the best way to disable ServiceNow accounts for users inactive in Active Directory? Is it a transform map or a business rule? I have read about creating the UserAccountControl as a field and mapping that field.

Please advise.

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@Binu 

This link from the docs has the solution:

Find inactive LDAP accounts using the userAccountControl field

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

4 REPLIES

Michael Jones
Giga Sage

How are you actually provisioning users in your instance; are you doing so via an LDAP integration, or another method?

If you are using LDAP then, yes, the recommended approach is to use the userAccountControl and a custom field populated on LDAP import/update, and a business rule on update to set the user record to active=false when a value of 514 is populated in that field. That is the best approach that I've seen. 

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/ldap/concept/c_Inact...

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/ldap/task/t_FindInac...

I hope this helps!

If this was helpful or correct, please be kind and remember to click appropriately!

Michael Jones - Proud member of the CloudPires team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!
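The check described in the reply above, generalized as an added example (not code from the thread or from ServiceNow): 514 is 512 (normal account) plus 2 (the ACCOUNTDISABLE bit), so testing that bit instead of the exact value also catches disabled accounts that carry other flags, such as 66050. It is plain JavaScript so it runs outside an instance; the function names and sample rows are constructed, and calling it from a business rule or transform script against a custom field is an assumption.

```javascript
// Flag values are defined by Active Directory for the userAccountControl bit field.
var UAC_FLAGS = {
  ACCOUNTDISABLE: 0x2,
  PASSWD_NOTREQD: 0x20,
  NORMAL_ACCOUNT: 0x200,
  DONT_EXPIRE_PASSWORD: 0x10000
};

// The LDAP import delivers the attribute as text; accept only a plain 32-bit unsigned integer.
function parseUac(raw) {
  var text = String(raw === null || raw === undefined ? '' : raw).trim();
  if (!/^\d{1,10}$/.test(text)) { return null; }
  var value = Number(text);
  return value <= 0xFFFFFFFF ? value : null;
}

// Names of the known flags set in a value, useful for an audit note on the user record.
function flagNames(value) {
  return Object.keys(UAC_FLAGS).filter(function (name) {
    return (value & UAC_FLAGS[name]) !== 0;
  });
}

// Decide the target "active" state. null means "do not touch the record":
// a missing or malformed attribute must not silently enable or disable anyone.
function desiredActive(raw) {
  var value = parseUac(raw);
  if (value === null) { return null; }
  return (value & UAC_FLAGS.ACCOUNTDISABLE) === 0;
}

// Constructed sample rows standing in for imported LDAP users (not real data).
var SAMPLE_USERS = [
  { user_name: 'alice', uac: '512' },    // normal account, enabled
  { user_name: 'bob', uac: '514' },      // 512 + 2: the value named in the thread
  { user_name: 'carol', uac: '66050' },  // 514 + 65536: disabled, password never expires
  { user_name: 'dave', uac: '66048' },   // 512 + 65536: enabled
  { user_name: 'erin', uac: '' }         // attribute missing from the import
];

// User names that should be set to active=false.
function usersToDeactivate(users) {
  return users.filter(function (u) { return desiredActive(u.uac) === false; })
              .map(function (u) { return u.user_name; });
}

console.log(usersToDeactivate(SAMPLE_USERS)); // [ 'bob', 'carol' ]
```

An exact comparison with 514 would leave carol active even though the account is disabled in Active Directory.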

You marked my answer as correct and then marked a later answer (with exactly the same link that I provided and less information) as the correct one. Was that an error or did I miss something in my answer?

Hi Michael

I found your answer to be very useful, with the added context of what you did. Especially since the links both you and the other person provided do not work anymore, this answer is much more helpful. I found the correct links on the docs.
I hope this reply and the 1 mark of Helpful redeems it just a bit.

If anyone is looking, the updated link I found is this: https://docs.servicenow.com/bundle/tokyo-platform-security/page/integrate/ldap/task/t_FindInactLDAPA...

Thanks again
