Stop LDAP inserting AD disabled users into sys_user table

jimpaige
Giga Contributor

Hi all,

We have started to query an OU to deactivate users with userAccountControl values of 514 and 546 (former employees are moved to a different OU before the userAccountControl value is changed). When the load is executed, inserts are made for users that have never existed in ServiceNow. We only need to update existing records in sys_user and deactivate them, not insert any new records.

We can't get the onBefore transform script below to work:

//Ignore any insert of a disabled record as defined by the 'userAccountControl' attribute
var uc = source.u_useraccountcontrol;
if((uc == '514' || uc == '546') && action == 'insert'){
  ignore = true;
}

Is the above script for this purpose or am I missing something?

Thanks,

Jim

1 ACCEPTED SOLUTION

Michael Fry1
Kilo Patron

Did you review the out of the box onBefore script:

//Convert the userAccountControl attribute to a hex value
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);

//The relevant digit is the final one
//A final hex digit value of '2' in 'ctrl' means disabled
if (ctrl.substr(-1) == "2") {
    target.active = false;
    target.locked_out = true;
    if (action == 'insert')
          ignore = true;
} else {
    //Optional: Reactivate and unlock the user account
    //target.active = true;
    //target.locked_out = ctrl.substr(-2, 1) == "1";
}



10 REPLIES


Yes, used the OOB onBefore script and still AD disabled users are inserted into the sys_user table



Can the script be OOB, or are any changes required prior to using it?



Thanks,


Jim


martygrinstead
ServiceNow Employee

Hi Jim,



It does seem like this should ignore the insert. You may want to print the value of "uc" in the logs to see if that provides a clue as to why the "ignore" value is not being set as expected.



Marty


jimpaige
Giga Contributor

The script I posted is checking the source. Shouldn't it be the import table as the action is onBefore?



In which case it should go like this?



//Ignore any insert of a disabled record as defined by the 'userAccountControl' attribute
//var uc = source.u_useraccountcontrol;
var uc = ldap_import.u_useraccountcontrol
if((uc == '514' || uc == '546') && action == 'insert'){
  ignore = true;
}



Are there any risks checking from the import rather than excluding objects at source level?


"source" is the import table



//Göran
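
Added example (not part of any post in this thread, and not ServiceNow's own code): userAccountControl is a bit field, so this plain-JavaScript sketch tests the ACCOUNTDISABLE bit (0x2) and compares the result with the two checks posted above on constructed sample values. It goes beyond the thread's 514 and 546 to show disabled values that an exact match or a last-hex-digit test does not catch; the function names are hypothetical.

```javascript
// Documented Active Directory userAccountControl flag values.
var UAC = {
    SCRIPT: 0x0001,
    ACCOUNTDISABLE: 0x0002,
    PASSWD_NOTREQD: 0x0020,
    NORMAL_ACCOUNT: 0x0200,
    DONT_EXPIRE_PASSWORD: 0x10000
};

// Returns true/false, or null when the attribute is empty or not a number,
// so rows without a usable value are handled explicitly by the caller.
function isDisabled(rawUac) {
    var n = parseInt(String(rawUac).trim(), 10);
    if (isNaN(n)) return null;
    return (n & UAC.ACCOUNTDISABLE) !== 0;
}

// The check from the out-of-the-box script: last hex digit equals "2".
function lastHexDigitIsTwo(rawUac) {
    return parseInt(rawUac, 10).toString(16).substr(-1) == "2";
}

// The check from the question: exact match on two known values.
function exactMatch(rawUac) {
    return rawUac == '514' || rawUac == '546';
}

// Hypothetical helper mirroring the onBefore decision for one import row.
function decide(rawUac, action) {
    var disabled = isDisabled(rawUac);
    if (disabled === null) return 'skip-unparseable';
    if (disabled && action == 'insert') return 'ignore';
    return disabled ? 'deactivate' : 'process';
}

// Constructed sample values:
// 512   = NORMAL_ACCOUNT
// 514   = NORMAL_ACCOUNT | ACCOUNTDISABLE
// 546   = NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE
// 66050 = DONT_EXPIRE_PASSWORD | NORMAL_ACCOUNT | ACCOUNTDISABLE
// 515   = NORMAL_ACCOUNT | ACCOUNTDISABLE | SCRIPT
['512', '514', '546', '66050', '515', ''].forEach(function (v) {
    console.log(JSON.stringify(v), 'bitmask:', isDisabled(v),
        'hex-digit:', lastHexDigitIsTwo(v), 'exact:', exactMatch(v),
        'insert ->', decide(v, 'insert'));
});
```

Inside a transform script the same bit test would read the value from source.u_useraccountcontrol and set ignore, as in the scripts above.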