Automatically remove roles/labels from users disabled in Active Directory?

We have our K1000 importing users from our Active Directory through LDAP connection. However, when a user account is Disabled in AD, it's still active in K1000.

Is there a way to automatically disable their K1000 account and remove any labels after they are disabled in AD?

0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: h2opolo25 7 years ago
Red Belt
You might be able to write a custom rule but it will need a little tweaking on the AD side. 

Before deleting the AD account you can change one of the custom fields you're importing to a special tag "MARKED FOR DELETION" or something. Then when the new LDAP import occurs it will pull down the changed info into KACE.

So now for example you'll have the words "MARKED FOR DELETION" in the Location field of the KACE user.

Write your custom rule to run every day and delete any user that has a Location of "MARKED FOR DELETION"

I would strongly recommend you set up a test VM KACE system for this and test it thoroughly because you might royally mess up your database if you are not careful.

  • Wow, ok. I'll run this by my team, thanks! - Pulpitude 7 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ