2 weeks ago
Hi Team,
How can I implement this: if a user account is deleted rather than disabled in Active Directory, nothing happens in ServiceNow. How can I solve this problem?
If an account is deleted or not found, it will also be marked inactive in ServiceNow after 2 weeks.
If anyone knows, please help me out.
Currently it is working for deactivated accounts but not working for deleted accounts.
Thanks & Regards,
PB
yesterday
Can you help me with the script part? I plan to schedule it once every 2 weeks to update disabled users or deleted users as you said, and I have not received any details from the integration regarding disabled users. (sys_updated_on field of user records and if it is not recently updated, you can make it inactive. This can be done via scheduled job based on the frequency of your AD synchronization.) - How to activate this?
Thanks & regards,
PB
2 weeks ago
Hi @pavana3 ,
User accounts should never be deleted, especially if they have associated records (incidents, problems, etc.). Deleting a user account from AD also does not make any sense, so basically deleting the account is not a correct approach.
If my answer helped you, please mark it as solution accepted.
Regards,
Nikhil Bajaj
2 weeks ago
Hi @pavana3 - Good Day!!
If the user account is being deleted, I think the solution would be to check when the user account was last found in the AD. You can use the import set table to check whether the user was found or not in the staging table, then run a scheduled job to delete after n (say 14) number of days.
Happy to know if you found a better solution.
2 weeks ago
First discuss with your Enterprise Architect and AD team to understand why the user record is being deleted, as the right approach would be to make it a soft delete [inactive]. If possible, fix the process followed by the AD team in handling deletion. If it does not work, try the below solution.
Below is the recommended approach when a user in LDAP is deleted. You can use similar logic for AD.
The recommendation is to not delete user records even if they are deleted from AD, as the user table is a reference to many key tables and deleting the user record might impact other related tables & relationships. Best practice is to make the user record inactive in ServiceNow when the user is soft-deleted from AD.
If this helped to answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan
2 weeks ago
You're right, but... Currently, if an Active Directory (LDAP) account is disabled, after 2 weeks it is marked inactive in ServiceNow. However, if an account is deleted rather than disabled in Active Directory, nothing happens in ServiceNow. We need to replicate the logic that exists for disabled accounts so that if an account is deleted or not found, it will also be marked inactive in ServiceNow after 2 weeks.
-> If an account currently in ServiceNow from LDAP cannot be found during import, whether that is because it has been deleted or moved to an OU that isn't imported, it should be marked as "inactive" after 2 weeks of not being found. The 2 weeks is a buffer in case some temporary network issue prevents SN from seeing LDAP at all, so it doesn't inactivate all accounts.
I hope you understand the problem and how to solve this. Please do the needful on this.
Thank you,
Regards,
Pavana
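
The rule discussed in this thread (inactivate LDAP-sourced users not found by the import for 2 weeks, without inactivating everyone when LDAP is unreachable) can be sketched as follows. This is an added example, not code from any poster or from ServiceNow: it is plain JavaScript covering only the decision logic, and `lastSeen` (a custom "last seen by import" date stamped by the transform map), `lastGoodImport`, the `ldap:` prefix check on `source`, and the thresholds are assumptions.

```javascript
// Added example: decision logic only, plain JavaScript; field names are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;

// users: [{ user_name, source, active, lastSeen }] where lastSeen is the Date the
// LDAP import last touched the record (hypothetical custom field, e.g. u_ldap_last_seen).
// lastGoodImport: Date of the most recent import run that completed successfully.
function findUsersToInactivate(users, lastGoodImport, now, opts = {}) {
  const { graceDays = 14, maxImportAgeDays = 1, maxFraction = 0.5 } = opts;

  // Safeguard 1: a stale import means LDAP was unreachable, not that users vanished.
  if (!lastGoodImport || now.getTime() - lastGoodImport.getTime() > maxImportAgeDays * DAY_MS) {
    return { skipped: 'import stale', users: [] };
  }

  // Only active, LDAP-sourced records that the import has stamped at least once.
  const ldapActive = users.filter(
    (u) => u.active && String(u.source || '').startsWith('ldap:') && u.lastSeen
  );
  const cutoff = now.getTime() - graceDays * DAY_MS;
  const stale = ldapActive.filter((u) => u.lastSeen.getTime() < cutoff);

  // Safeguard 2: refuse a mass deactivation; that pattern points at a broken import.
  if (ldapActive.length > 0 && stale.length / ldapActive.length > maxFraction) {
    return { skipped: 'too many candidates', users: [] };
  }
  return { skipped: null, users: stale.map((u) => u.user_name) };
}

// Constructed sample data (not from a real instance).
const NOW = new Date('2024-06-30T00:00:00Z');
const d = (s) => new Date(s + 'T00:00:00Z');
const SAMPLE_USERS = [
  { user_name: 'alice', source: 'ldap:CN=alice,OU=Staff,DC=example,DC=com', active: true, lastSeen: d('2024-06-29') },
  { user_name: 'bob', source: 'ldap:CN=bob,OU=Staff,DC=example,DC=com', active: true, lastSeen: d('2024-06-10') },
  { user_name: 'carol', source: 'ldap:CN=carol,OU=Staff,DC=example,DC=com', active: true, lastSeen: d('2024-06-20') },
  { user_name: 'dave', source: 'ldap:CN=dave,OU=Staff,DC=example,DC=com', active: true, lastSeen: d('2024-06-29') },
  { user_name: 'erin', source: 'ldap:CN=erin,OU=Staff,DC=example,DC=com', active: false, lastSeen: d('2024-05-01') },
  { user_name: 'local.admin', source: '', active: true, lastSeen: null },
];

console.log(findUsersToInactivate(SAMPLE_USERS, new Date('2024-06-29T22:00:00Z'), NOW));
```

In a ServiceNow scheduled job, the user list would come from a `GlideRecord` query on `sys_user`, and each returned user would be set to `active = false` rather than deleted, so references from incidents and other records stay intact.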