11-17-2024 08:51 PM
The LDAP requirement is 'doing inactive'. Let's take an example: if someone left the organization, then their user record in ServiceNow needs to be marked as inactive. For this, I wrote a script for marking users as inactive using LDAP, but it's not working as expected; it's also marking active members as inactive. I need suggestions and corrections on this.
11-17-2024 11:33 PM
Hi @Dipu_9999 ,
Here the users who left the organization need to be controlled in AD; if the user is marked inactive in AD, the same would reflect in ServiceNow. There are certain attributes that let you check whether a user is active or inactive in AD; based on that, you can set the transform script to take action in ServiceNow.
Here is what I suggest: create an OnBefore Transform Script for the LDAP OU Definition of Disabled User Accounts that catches the inactive AD accounts (marked as 514 or 546 depending on account type) and marks their ServiceNow account as inactive and locked out:

    // Deactivate LDAP-disabled users during transform based on the 'userAccountControl' attribute.
    if (source.u_useraccountcontrol == '514' || source.u_useraccountcontrol == '546') {
        target.active = false;
        target.locked_out = true;
    }

I hope this helps...
☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....
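
Added example, not part of the reply above and not ServiceNow's own code: userAccountControl is a bit field, and 514 and 546 are two of the values that carry the ACCOUNTDISABLE bit (0x2), so this sketch generalizes the exact-match check by testing that bit and by skipping rows whose value is missing or non-numeric instead of deactivating them. The helper names `parseUac`, `uacDecision` and `applyUac` and the sample rows are constructed for illustration; the field name `u_useraccountcontrol` comes from the reply.

```javascript
// Added example: helper names are hypothetical, not ServiceNow API.
var UAC_ACCOUNTDISABLE = 0x0002; // AD userAccountControl flag: account is disabled

// Parse the imported value; return null unless it is a plain non-negative integer.
function parseUac(raw) {
    var s = String(raw === null || raw === undefined ? '' : raw).trim();
    if (!/^\d+$/.test(s)) return null;
    return parseInt(s, 10);
}

// Decide what the transform should do with one source row:
// 'deactivate' (disabled in AD), 'keep' (enabled in AD),
// 'skip' (value missing or unparseable, so the target is left untouched).
function uacDecision(raw) {
    var uac = parseUac(raw);
    if (uac === null) return 'skip';
    return (uac & UAC_ACCOUNTDISABLE) !== 0 ? 'deactivate' : 'keep';
}

// Apply the decision to the target record. In an onBefore transform script
// this would be called as applyUac(source, target) (assumed usage).
function applyUac(sourceRow, target) {
    var decision = uacDecision(sourceRow.u_useraccountcontrol);
    if (decision === 'deactivate') {
        target.active = false;
        target.locked_out = true;
    }
    return decision;
}

// Constructed sample rows (not real directory data).
var SAMPLE_ROWS = [
    { u_user_name: 'enabled.user',   u_useraccountcontrol: '512'   }, // normal, enabled
    { u_user_name: 'disabled.user',  u_useraccountcontrol: '514'   }, // 512 + 2
    { u_user_name: 'disabled.nopwd', u_useraccountcontrol: '546'   }, // 512 + 32 + 2
    { u_user_name: 'enabled.noexp',  u_useraccountcontrol: '66048' }, // 65536 + 512
    { u_user_name: 'disabled.noexp', u_useraccountcontrol: '66050' }, // 65536 + 512 + 2
    { u_user_name: 'missing.value',  u_useraccountcontrol: ''      }  // attribute not imported
];

// Run every sample row against a fresh, active target and collect the outcome.
function runSample() {
    return SAMPLE_ROWS.map(function (row) {
        var target = { active: true, locked_out: false };
        var decision = applyUac(row, target);
        return { user: row.u_user_name, decision: decision, active: target.active };
    });
}
```

The row with value 66050 is disabled in AD but would pass through an exact match on 514 or 546, and the row with an empty value stays active rather than being deactivated by default.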
11-17-2024 09:14 PM
Hello @Dipu_9999 ,
You are not updating the record in the if condition.
Update your if condition as below:

    if (usr.next()) {
        usr.active = false;
        usr.update();
        return true; // if user updated successfully
    } else {
        return false; // if no user found
    }

Let me know if it works for you.
Thanks,
Valmik Patil

11-17-2024 11:23 PM
Could also do this in a transform script over field map script