We find inactive LDAP accounts using the last refresh time.
In this method, we add a Last Refreshed field to the user record and set its
value during the import process. We then create a scheduled job that checks for
users that have not been refreshed in 30 days and deactivates them.

    target.u_last_refreshed = gs.now();

Create a scheduled job to find and deactivate the user accounts that have not
been refreshed in 30 days.

    disable_users();

    function disable_users() {
        /*
         * Query for active users with an LDAP source that were last
         * updated more than 30 days ago, and disable them.
         */
        var gr = new GlideRecord("sys_user");
        gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));
        gr.addQuery('active', true);
        // A non-empty source marks users that came from the LDAP import
        gr.addQuery('source', '!=', '');
        gr.query();
        while (gr.next()) {
            gr.active = false;
            gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + gr.u_last_refreshed);
            gr.update();
        }
        gs.log("Completed disabling inactive accounts");
    }
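
The selection logic of the scheduled job, as an added example that is not part of the original post: a plain JavaScript model (no Glide API) that lists which accounts would be disabled and refuses to run when no LDAP user has been refreshed recently, since a stalled import would otherwise age every account past the 30-day cutoff. The planDeactivation function, its staleImportDays threshold, the UTC approximation of gs.daysAgoStart and the sample records are assumptions made for illustration.

```javascript
// Added example: models the job's three filters outside ServiceNow.
// Field names follow the script above; everything else is hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;

// Assumption: approximates gs.daysAgoStart(n) as UTC midnight n days before `now`.
function daysAgoStart(now, n) {
  const d = new Date(now.getTime() - n * DAY_MS);
  return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate()));
}

// Returns the accounts the job would disable, or aborts when the import looks stalled.
function planDeactivation(users, now, maxAgeDays = 30, staleImportDays = 2) {
  const cutoff = daysAgoStart(now, maxAgeDays);
  // Same filters as the job: active users with a non-empty source.
  const ldapUsers = users.filter(u => u.active && u.source !== '');
  const refreshTimes = ldapUsers
    .filter(u => u.u_last_refreshed)
    .map(u => new Date(u.u_last_refreshed).getTime());
  const newest = refreshTimes.length ? Math.max(...refreshTimes) : null;
  // Hypothetical safeguard: if nothing was refreshed recently, the import is
  // probably broken, and ageing timestamps would disable every LDAP account.
  if (newest === null || newest < daysAgoStart(now, staleImportDays).getTime()) {
    return { abort: true, reason: 'no recent LDAP refresh', toDisable: [] };
  }
  const toDisable = ldapUsers
    // Assumption: an empty u_last_refreshed does not match the '<' condition,
    // so users that were never stamped by the import are left alone.
    .filter(u => u.u_last_refreshed && new Date(u.u_last_refreshed) < cutoff)
    .map(u => u.user_name);
  return { abort: false, reason: '', toDisable };
}

// Constructed sample records (not real data).
const sampleUsers = [
  { user_name: 'alice', active: true, source: 'ldap:CN=alice,DC=example,DC=com', u_last_refreshed: '2024-05-31T02:00:00Z' },
  { user_name: 'bob', active: true, source: 'ldap:CN=bob,DC=example,DC=com', u_last_refreshed: '2024-03-15T02:00:00Z' },
  { user_name: 'carol', active: true, source: '', u_last_refreshed: '2024-01-01T02:00:00Z' },
  { user_name: 'dave', active: true, source: 'ldap:CN=dave,DC=example,DC=com', u_last_refreshed: '' },
  { user_name: 'erin', active: false, source: 'ldap:CN=erin,DC=example,DC=com', u_last_refreshed: '2024-02-01T02:00:00Z' },
];
const sampleNow = new Date('2024-06-01T12:00:00Z');
```

With the sample data only bob is selected; running the same records with a date six weeks later returns abort instead of a list, because no account has a recent refresh.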