Disabling SN account swhen AD account is moved to the disabled user OU

Go to solution
daniellethomson
Tera Expert

‎01-31-2017 11:35 AM

The OoB functionality to disable SN accounts if the corresponding AD user account is disabled works perfectly, except in our environment. Our current process is to move the accounts to another OU=disabled users. I looked at other options such as tracking the last refresh time of the account but we need a more immediate option. Is there a way the OoB script can be modified to disable the SN user account if the OU changes/if the account is no longer visible in the user OU?

0 Helpfuls
  • 2,476 Views
1 ACCEPTED SOLUTION

Go to solution
bjhughey164
Mega Expert
In response to daniellethomson

‎02-01-2017 08:31 AM

Danielle,



I have a data source for each OU that I need to import even though they're all pulling the same attributes. In our environment, a user can move from one to another depending on their job role so, I need to capture all of this, right? The terms hit their own OU during that process and have to remain there for X amount of days based on corporate policy. So, I just pull that termed OU as it's own source and then run the script above.



When you do the imports this way, you can also get granular reporting on just that data source and you're also able to troubleshoot specific users and groups more effectively than doing one giant pull.


View solution in original post

0 Helpfuls
18 REPLIES 18

Go to solution
bjhughey164
Mega Expert
In response to daniellethomson

‎01-31-2017 12:48 PM

That's correct. I do the import on that OU as normal and then let my script do the dirty work, or the cleanup work as it were.


0 Helpfuls

Go to solution
daniellethomson
Tera Expert
In response to bjhughey164

‎01-31-2017 12:53 PM

Thanks I will try it out with our disabled user OU.


0 Helpfuls

Go to solution
Mark Laucus
Giga Guru

‎01-31-2017 01:04 PM

I have the same challenge in disabling users



What I was planning on doing was creating another LDAP OU Definition using the OU where I have the disabled users.   Then I will create a separate data source utilizing the new LDAP definition utilizing the script such as mentioned above.  


0 Helpfuls

Go to solution
daniellethomson
Tera Expert
In response to Mark Laucus

‎02-01-2017 08:13 AM

Mark- Are you excluding the disabled user OU in your initial filter? Just want to understand the reasoning behind creating a separate OU definition and data source.


0 Helpfuls

Go to solution
bjhughey164
Mega Expert
In response to daniellethomson

‎02-01-2017 08:31 AM

Danielle,



I have a data source for each OU that I need to import even though they're all pulling the same attributes. In our environment, a user can move from one to another depending on their job role so, I need to capture all of this, right? The terms hit their own OU during that process and have to remain there for X amount of days based on corporate policy. So, I just pull that termed OU as it's own source and then run the script above.



When you do the imports this way, you can also get granular reporting on just that data source and you're also able to troubleshoot specific users and groups more effectively than doing one giant pull.


0 Helpfuls