Update Active Directory account attribute at the end of a workflow

Our organization has created a workflow which evaluates login times for accounts across a couple of different sources, and if the user has not logged in within 45 days, their account gets disabled. This part of the process works as intended, with no issues. As part of this process, we would like to be able to append to an Active Directory attribute, to state the reason why the account was disabled, and who to reach out to for next steps. What is the best way to accomplish this?

We have a method to do this via PowerShell, but invoking a PowerShell script within a workflow does not seem like an easy/native process.


Welcome @boilerfan94 to the developer community :slight_smile:

The easiest way would be to modify the ProvisioningPlan which you are using to disable / lock the account, by adding an AttributeRequest (to its accountRequest) where you set the attribute you intend to modify.

The below snippet would be an example:

// Set extensionAttribute22 on the same account request that disables the account
accountRequest.add(new AttributeRequest("extensionAttribute22", ProvisioningPlan.Operation.Set, "Disabled because"));

Hope it helps you.

Br,
Renad
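The enrichment Renad describes, as an added example that is not code from this thread: a plain Java helper that finds the AD account request carrying the Disable operation in an existing ProvisioningPlan and adds the reason attribute to it (in a BeanShell rule the method body would be inlined). It assumes the sailpoint.object plan classes; the application name, attribute name and reason text are placeholders.

```java
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

public class DisableReasonPlanHelper {

    // Placeholder values; adjust to your source and naming conventions
    private static final String AD_APPLICATION = "Active Directory";
    private static final String REASON_ATTRIBUTE = "extensionAttribute22";
    private static final String REASON_TEXT =
        "Disabled: no login in 45 days. Contact the IAM team to request reactivation.";

    /**
     * For every AD account request in the plan whose operation is Disable,
     * add an AttributeRequest that sets the reason attribute. If the caller
     * passes the attribute's current value (read from the AD account), the
     * reason is appended to it instead of replacing it.
     * Returns the number of account requests that were enriched.
     */
    public static int addDisableReason(ProvisioningPlan plan, String currentValue) {
        int enriched = 0;
        List<AccountRequest> requests = plan.getAccountRequests();
        if (requests == null) {
            return 0;
        }
        for (AccountRequest req : requests) {
            if (!AD_APPLICATION.equals(req.getApplication())) continue;
            if (req.getOperation() != AccountRequest.Operation.Disable) continue;
            // Skip if the attribute is already part of this request
            if (req.getAttributeRequest(REASON_ATTRIBUTE) != null) continue;

            String value = (currentValue == null || currentValue.isEmpty())
                ? REASON_TEXT
                : currentValue + " | " + REASON_TEXT;
            req.add(new AttributeRequest(REASON_ATTRIBUTE, ProvisioningPlan.Operation.Set, value));
            enriched++;
        }
        return enriched;
    }
}
```

Attributes such as description and the extensionAttributes are readable by any authenticated domain user by default, so keep the text to the reason and a contact point and put nothing sensitive in it.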

Hello @rquku

The inactive worker workflow we have in place is not part of the provisioning process. Can you implement these ProvisioningPlan things on any workflow, even if it has nothing to do with newly provisioning an account? If so, where do you do that?

Hi @rquku ,
I believe you could create a workflow step that calls an API to update the AD attribute with the required details (e.g., append the reason for disabling the account).

Would I have to create an internal API in order to do this?

Hi @rquku

Welcome to SailPoint Developer Community.

First of all, I wouldn’t go to workflow for this approach.

I will just create an Identity attribute for User Account Control (UAC), build a transform to calculate UAC 512/514 using AD last logon timestamp. Use this Identity attribute in your AD Provisioning policy. I have implemented this many times.

You can create AD Description Identity attribute, build transform and use the same in your AD provisioning policy for description attribute.

You can make use of Native Rules, Connector After Modify Rule for AD source. If operation is disable then you can set the description in your PowerShell script, but you need to know whether this disable operation is because of inactivity or not; for that you need to extract last logon time stamp again and validate, which is a duplicate operation.

Let me know what you think of the final approach :slight_smile:

Thanks
Krish
