/build/static/layout/Breadcrumb_cap_w.png

KACE Product Support Question


Automatically remove roles/labels from users disabled in Active Directory?

03/23/2015 2377 views
We have our K1000 importing users from our Active Directory through LDAP connection. However, when a user account is Disabled in AD, it's still active in K1000.

Is there a way to automatically disable their K1000 account and remove any labels after they are disabled in AD?
Answer Summary:
0 Comments   [ + ] Show comments

Comments


All Answers

1
You might be able to write a custom rule but it will need a little tweaking on the AD side. 

Before deleting the AD account you can change one of the custom fields you're importing to a special tag "MARKED FOR DELETION" or something. Then when the new LDAP import occurs it will pull down the changed info into KACE.

So now for example you'll have the words "MARKED FOR DELETION" in the Location field of the KACE user.

Write your custom rule to run every day and delete any user that has a Location of "MARKED FOR DELETION"

I would strongly recommend you set up a test VM KACE system for this and test it thoroughly because you might royally mess up your database if you are not careful.
Answered 03/23/2015 by: h2opolo25
Red Belt

  • Wow, ok. I'll run this by my team, thanks!
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ