Hi @vdivakar ,
As of I know, disablement should be done by sailpoint ootb standard service. My powershell script is for handle OU movement only.
Also, I notice that even it is a leaver event, it detected as “Modify”, that is why AD account is not moved to terminated OU.
Hey, Can you please change the identity state from “Inactive (long-term)” to “inactive (short-term)” and set the inactive LCS for an identity and see whether it triggers the Disable Account event.
Hi @suresh4iam ,
Both long term and short term is providing same result, AD account is not disable in AD. Is it possible related to leaver workflow in the ISC tenant? Currently, I am not enable the workflow yet.
Since you are not enabled the Workflow, it shouldn’t be the case. I can see you enabled the lifecycle for inactive, please disable, apply the changes and re-enable it one more time with Inactive (short-term) and give apply changes again. I’m still wondering why the disable event is not triggered! So just want to reapply the changes one more time and test it. Also check whether you have anything in the Disable provisioning plan in AD.
Hi @suresh4iam ,
Tried disable, apply the change and enable, apply the change. Give it a test, unfortunately, the disablement still not process. I also wonder which part is wrong.
Regarding the disable provision plan, can you clarify further? Is it regarding the rule attached to the AD source? Currently I do not have any rule attach to the source.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.