What do you do when an user leaves the company?

kellyobrien · ‎06-08-2015

I am working on a plan to get notifications when a user leaves the company. We have multiple areas (CI owners/assigned to, CI class owners, assignment group mangers, queue owners, queue managers, Asset group owners/assigned to... I think you get the point) where we run into issues when someone leaves the company and has many different pieces assigned to them. We have groups that are still owned and managed by users that left the company more than 6 months ago.

So, my question is... What do you do when a user leaves to ensure that all of the points they are included in are reassigned?

randrews · ‎06-08-2015

we are working on that...

we have started creating a deprovision user script that will deprovision the users in Service First when they have been marked as inactive aren't in an LOA container and not updated for 7 or more days....

right NOW we are just doing the following:

clearing them as the assigned to on any open tasks <and sending an email to the manager of the group that we have done so
clearing them as the app owner/business owner in the cmdb
clearing out the user name and employee id fields <this prevents duplicate users>
Remove all roles from the user
remove the user from all groups

i hope when i revisit the script in version 2 to include more with groups clearing them from the group manager and emailing the SN support group <us> to get a new manager for the group

we are doing this as a scheduled job right now.. but if you have a better idea please let me know... our real drive in the first pass was to stop creating duplicates when AD reuses the user ID.

__________edited to add two more things we do in the script----------------

poyntzj · ‎06-08-2015

All our users are AD role driven so as soon as the AD is updated so is Servicenow - users, managers, groups, etc

Our users also have the ability to work on the users "Delegations" if they are the manager is AD (I may also look to extend this so a manager of any group the user belongs to can amend the delegations too) this means they can delegate any open tickets

In our assignment groups we also allow some people to reassign tickets (manager, co managers and anyone assigned as an assigner) so they can reallocated the tickets too if needed.

Problem is the CMDB_CI, Service offerings - which we are a bit slack on.

I may look to write something soon that emails us admins with a list of CI / SO that have managers / owners assigned who are inactive. at least we know

I do however have a script that will replace the details on the records.

just needs us to provide the two names - old owner, new owner.

Uncle Rob · ‎06-08-2015

If you're talking about users with roles in ServiceNow specifically, then everything pretty much depends on having a good offboarding process with whatever system is your source of truth for people info. If that system can feed its people info into ServiceNow, then its all reporting from there.

I'd suggest a new field on the user table that governs "is termed", rather than the active flag. Just setting Active to False will make the record effectively invisible to non-admin (which will stop you from offloading this work from ServiceNow developers, who usually must double as admins). Have whatever your authoritative feed set that new field when a user is termed.

From there, have whatever team does your ServiceNow administrative tasks run a daily report of all Group Members where the Group Membership's User reference has your term field set to true. Manually unassign and reconcile instances where groups need new managers, etc. This manual step will help you list all the things you need to automate (ie. managerial replacement).

Once those tasks are standardized, you can automate them, such that when the term property is checked, SN automatically unassigns groups, roles, etc.

Hope that helps.

billdavenport1 · ‎06-08-2015

I agree with rfedoruk that the answer lies in automated Off-boarding supported by GOOD Data from an authoritative source. Getting both of these in place are going to be a lot of work. ~ Bill