Stop LDAP inserting AD disabled users into sys_user table

jimpaige
Giga Contributor

Hi all,

We have started to query an OU to deactivate users with userAccountControl values of 514 and 546 (former employees are moved to a different OU before the userAccountControl value is changed). When the load is executed, inserts are made for users that have never existed in ServiceNow. We only need to update existing records in sys_user and deactivate them, not insert any new records.

We can't get the onBefore transform script below to work:

//Ignore any insert of a disabled record as defined by the 'userAccountControl' attribute
//Compare the string value rather than the GlideElement object; note this matches only the exact values 514 and 546
var uc = source.u_useraccountcontrol.toString();

if ((uc == '514' || uc == '546') && action == 'insert') {
  ignore = true;
}

Is the above script for this purpose or am I missing something?

Thanks,

Jim

1 ACCEPTED SOLUTION

Michael Fry1
Kilo Patron

Did you review the out-of-the-box onBefore script?

//Convert the userAccountControl attribute to a hex value
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);

//The relevant digit is the final one
//A final hex digit value of '2' in 'ctrl' means disabled
if (ctrl.substr(-1) == "2") {
    target.active = false;
    target.locked_out = true;
    if (action == 'insert')
        ignore = true;
} else {
    //Optional: Reactivate and unlock the user account
    //target.active = true;
    //target.locked_out = ctrl.substr(-2, 1) == "1";
}



Goran WitchDoc
ServiceNow Employee

The script above will (shouldn't) insert new inactive AD users, but it won't disable the ones that are inactive in AD and already synced over to SN. For that you only need a few more lines.

//Göran


Hi Goran,

Thanks for the response.

I'm using a business rule to deactivate the users that are disabled in AD and already synced to ServiceNow. That works well, but I can't seem to stop the insert of new records for disabled AD users.

Thanks,

Jim


vsharma
Tera Contributor

Hello Jim,

Can you please share the business rule to deactivate the users that are disabled in AD and already synced to ServiceNow? I have created the one below, but it did not work.

Created an integer field on the user form "u_user_account_control" & did the field mapping.

Business rule:

When to run - Before

Condition - current.u_user_account_control.changes()

Script -

var disabledFlag = 2;
//perform a bitwise comparison on userAccountControl to see if the 2 bit flag is enabled
//read the field as a number rather than using the GlideElement directly in the bitwise test
if (parseInt(current.getValue('u_user_account_control'), 10) & disabledFlag) {
    gs.log('Disabling user: ' + current.user_name + ' userAccountControl=' + current.u_user_account_control);
    current.active = false;
    current.locked_out = true;
}

Thanks
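The accepted script tests the last hex digit of userAccountControl, while the business rule above tests the ACCOUNTDISABLE bit directly. The following is an added example (not ServiceNow's out-of-the-box script and not code posted in this thread) that models the whole onBefore decision as a pure function, so the two checks can be compared on realistic values; in a real transform script `rawUac` would be `source.u_useraccountcontrol` and `action` the transform action. It is written in ES5 so the logic is portable to a Rhino-based script.

```javascript
// Added example: a self-contained model of the ignore/deactivate decision an
// onBefore transform script makes for one LDAP row. ES5 on purpose so the same
// logic could be pasted into a Rhino-based ServiceNow script.

var ACCOUNTDISABLE = 0x0002; // userAccountControl bit: account is disabled
var LOCKOUT        = 0x0010; // userAccountControl bit: account is locked out

// Bit test: true for 514 (0x202), 546 (0x222), 66050 (0x10202, disabled +
// DONT_EXPIRE_PASSWORD) and any other value with the disable bit set. An
// equality check against 514/546 alone would miss 66050.
function isDisabled(uac) {
  return (uac & ACCOUNTDISABLE) !== 0;
}

// The out-of-the-box check looks only at the last hex digit. It agrees with the
// bit test for the usual values but misses rows where another low bit is also
// set, e.g. 26 (0x1A = disabled + HOMEDIR_REQUIRED + LOCKOUT); such values are
// uncommon, which is why the simpler check normally appears to work.
function lastHexDigitIsTwo(uac) {
  return uac.toString(16).substr(-1) === '2';
}

// Decide what the transform should do for one row. Returns the values the
// script would assign: ignore (skip the row entirely), and active/locked_out
// (what to write on the target sys_user). Unlike the out-of-the-box script,
// enabled accounts are also reactivated here; drop 'active: !disabled' if
// that reactivation is not wanted.
function decideTransform(rawUac, action) {
  var uac = parseInt(String(rawUac), 10);
  if (isNaN(uac)) {
    // Attribute missing or unparsable: do not guess, pass the row through
    return { ignore: false, active: null, locked_out: null };
  }
  var disabled = isDisabled(uac);
  if (disabled && action === 'insert') {
    // Former employee with no sys_user record yet: do not create one
    return { ignore: true, active: null, locked_out: null };
  }
  // Existing record, or an enabled account: mirror the AD state
  return {
    ignore: false,
    active: !disabled,
    locked_out: disabled || (uac & LOCKOUT) !== 0
  };
}
```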

Hello Goran,

What extra arrangement do we need to make in the above script to disable users that are inactive in AD and already synced to SN?

Thanks