Disable User account

Hi,

I’m trying to search for users’ AD last logon date and then, by using a transform, calculate the number of days since last logon. If it is greater than 45 days, I need to disable the user’s AD account.

Can anyone share some ideas to test this use case?

Initially, I thought of setting a lifecycle state for users that come under the above condition, but I don’t want to disturb the user’s lifecycle state. Is there any other way of doing this?

Assuming the AD last logon date is an identity attribute, you could set up a Workflow that runs on a daily schedule and executes a search query that will find every AD account that hasn’t logged on in the past 45 days. Then run a loop on each identity the search finds and use the Account Manage action to disable each one.

@colin_mckibben

Thanks much for the information.
Unfortunately, we don’t have the workflow module in our system. Is there any other option I can try other than workflow?

Use the identity attribute and assign a role based on that attribute.

This role would assign a dummy group on the AD account. The dummy group needs to be created in AD and aggregated, and an access profile needs to be created from it.

When you see this specific dummy group in the provisioning plan, use a before provisioning rule and convert the operation to disable. You can achieve this using the standard services before provisioning rule.

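To test the 45-day rule from this thread outside the identity platform, the sketch below (an added example, not code from any poster or from SailPoint) classifies accounts from raw AD attributes. It assumes the "last logon date" is the replicated `lastLogonTimestamp` attribute, which with default domain settings can lag the real logon by up to about 14 days; `slack_days` and the sample accounts are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # AD timestamps count 100 ns ticks from here
ACCOUNTDISABLE = 0x0002                                     # userAccountControl bit: already disabled

def to_filetime(dt):
    """Encode a datetime as an AD FILETIME integer (used only to build sample data)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def days_since_logon(raw, now):
    """Whole days since the recorded logon, or None when the attribute is unset/0."""
    ticks = int(raw or 0)
    if ticks <= 0:
        return None
    last = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    return (now - last).days

def classify(account, now, threshold_days=45, slack_days=0):
    """Return 'skip', 'review', 'disable' or 'keep' for one account record."""
    if int(account.get("userAccountControl", 0)) & ACCOUNTDISABLE:
        return "skip"        # nothing to do, account is already disabled
    days = days_since_logon(account.get("lastLogonTimestamp"), now)
    if days is None:
        return "review"      # never logged on: new hire or unused account, decide by policy
    # "greater than 45 days" as stated in the question; slack_days (assumption)
    # widens the window to absorb lastLogonTimestamp replication lag.
    return "disable" if days > threshold_days + slack_days else "keep"

def plan(accounts, now, **kwargs):
    return {a["sAMAccountName"]: classify(a, now, **kwargs) for a in accounts}

# Constructed sample records, not real directory data.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def _acct(name, days_ago, uac=512):
    stamp = "0" if days_ago is None else str(to_filetime(NOW - timedelta(days=days_ago)))
    return {"sAMAccountName": name, "lastLogonTimestamp": stamp, "userAccountControl": uac}

SAMPLE = [_acct("alice", 10), _acct("bob", 46), _acct("carol", 90, uac=514),
          _acct("dave", None), _acct("erin", 45)]

if __name__ == "__main__":
    for name, action in plan(SAMPLE, NOW).items():
        print(f"{name:6} {action}")
```

Accounts returned as `review` have no recorded logon, so a transform that only computes a day count would silently miss them; decide separately whether they should be disabled.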