‎01-31-2017 11:35 AM
The OoB functionality to disable SN accounts if the corresponding AD user account is disabled works perfectly, except in our environment. Our current process is to move the accounts to another OU=disabled users. I looked at other options such as tracking the last refresh time of the account but we need a more immediate option. Is there a way the OoB script can be modified to disable the SN user account if the OU changes/if the account is no longer visible in the user OU?
‎02-01-2017 08:31 AM
Danielle,
I have a data source for each OU that I need to import even though they're all pulling the same attributes. In our environment, a user can move from one to another depending on their job role so, I need to capture all of this, right? The terms hit their own OU during that process and have to remain there for X amount of days based on corporate policy. So, I just pull that termed OU as its own source and then run the script above.
When you do the imports this way, you can also get granular reporting on just that data source and you're also able to troubleshoot specific users and groups more effectively than doing one giant pull.
‎01-31-2017 11:48 AM
Danielle,
In our environment, we do the exact same thing. If AD user account is in "termed-ou" mark active = false. I'll post a screenshot this afternoon for you if that helps.
If you want the user removed from the system completely, I think that's another approach. As it sits, we leave them in the system inactive so we can still see history against their incidents/requests.
‎01-31-2017 12:22 PM
Thanks Ben! That is what I'm looking for. We just want to disable the account not remove it.
‎01-31-2017 12:29 PM
Awesome! On the transform map for the import is where the following script is running. I'm glad I could help! It marks the account active and locks the account as well just to be safe.
if (source.u_source.indexOf("TERMED-OU") > -1) {
    // Source record came from the termed OU: deactivate and lock the user
    target.active = false;
    target.locked_out = true;
}
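Added example, not part of the original posts: a stricter form of the check in the script above that matches the OU as an exact DN component rather than a substring, so a CN or group name containing the same text does not disable an account. It assumes u_source holds the user's distinguished name (optionally prefixed with "ldap:"); splitDn, isInOu and applyTermedOuPolicy are hypothetical helper names, and the sample rows are constructed.

```javascript
// Added example: plain JavaScript with no ServiceNow APIs, so it runs outside the platform.

// Split a distinguished name into RDNs, honouring backslash-escaped commas
// (e.g. "CN=Smith\, Jane,OU=Users,DC=example,DC=com").
function splitDn(dn) {
  var parts = [], current = '';
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === '\\' && i + 1 < dn.length) {
      current += ch + dn.charAt(i + 1); // keep the escaped pair together
      i++;
    } else if (ch === ',') {
      parts.push(current.trim());
      current = '';
    } else {
      current += ch;
    }
  }
  if (current.trim() !== '') parts.push(current.trim());
  return parts;
}

// True only when one RDN is exactly OU=<ouName> (case-insensitive).
// Assumption: sourceValue is a DN, optionally prefixed with "ldap:".
function isInOu(sourceValue, ouName) {
  var dn = String(sourceValue || '').replace(/^ldap:/i, '');
  var wanted = 'ou=' + ouName.toLowerCase();
  return splitDn(dn).some(function (rdn) {
    return rdn.replace(/\s*=\s*/, '=').toLowerCase() === wanted;
  });
}

// Same effect as the thread's transform script, but only on an exact OU match.
function applyTermedOuPolicy(source, target, ouName) {
  if (isInOu(source.u_source, ouName)) {
    target.active = false;
    target.locked_out = true;
    return true;
  }
  return false;
}

// Constructed sample rows (not from the thread).
var termed = { u_source: 'ldap:CN=Jane Doe,OU=TERMED-OU,DC=example,DC=com' };
var lookalike = { u_source: 'ldap:CN=TERMED-OU Reviewers,OU=Groups,DC=example,DC=com' };
```

The lookalike row passes a plain indexOf("TERMED-OU") test but is left untouched here, because no OU component of its DN equals TERMED-OU.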
‎01-31-2017 12:42 PM
Thanks! I'm guessing you don't have a filter to exclude the termed-ou on your initial pull? You are pulling in all of AD, correct?