Ldap sync not remove user from group

kristianhaahrde · ‎08-21-2018

When i sync an AD group to a servicenow group, it add all members correctly.

When one of the user change team and not are member of the AD group anymore, it should be sync to the servicenow group, but the user still exist in the servicenow group, because the sync not remove the users who not exist in the ad group anymore.

What is the best solution, maybie there is a OOB feature to handle it, so i not have to write a script for all my ldap transform maps?

Allen Andreas · ‎08-21-2018

Hi,

In System LDAP > Transform Maps, click the map you use when you sync:

Scroll down to the bottom and click on Transform Scripts tab:

Then you'll see three scripts there, one is an onBefore script that is actually set to inactive by default. You'll want to activate this script:

This will remove inactive users from SN based on their AD inactive status.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

kristianhaahrde · ‎08-22-2018

the user is not inactive, just change the team and now it still in my assignment group, even the user no more memberof the adgroup

Allen Andreas · ‎08-22-2018

How often do you have your LDAP group import sync?

Mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

kristianhaahrde · ‎08-22-2018

every 1 hour