We have our K1000 importing users from our Active Directory through LDAP connection. However, when a user account is Disabled in AD, it's still active in K1000.

Is there a way to automatically disable their K1000 account and remove any labels after they are disabled in AD?
Answer Summary:
0 Comments   [ + ] Show Comments


Please log in to comment


You might be able to write a custom rule but it will need a little tweaking on the AD side. 

Before deleting the AD account you can change one of the custom fields you're importing to a special tag "MARKED FOR DELETION" or something. Then when the new LDAP import occurs it will pull down the changed info into KACE.

So now for example you'll have the words "MARKED FOR DELETION" in the Location field of the KACE user.

Write your custom rule to run every day and delete any user that has a Location of "MARKED FOR DELETION"

I would strongly recommend you set up a test VM KACE system for this and test it thoroughly because you might royally mess up your database if you are not careful.
Answered 03/23/2015 by: h2opolo25
Red Belt

  • Wow, ok. I'll run this by my team, thanks!
Please log in to comment
Answer this question or Comment on this question for clarity