Is it possible to automate or script within active directory when a standard account has been disabled and to disable any other account for the user using the ExtensionAttribute within AD?
Is it possible to automate or script within active directory when a standard account has been disabled and to disable any other account for the user using the ExtensionAttribute within AD?
Hi rtaino c
Yes, the easiest way to do this would be with a Workflow, with a trigger condition(s) when the standard account is disabled.
The workflow itself would contain a Search activity step. For instance if you store the standard users "object GUID" or "employeeID" in ExtensionAttribute1 of Admin or Privileged accounts. IE
Then add for example a deprovision step within the Search activity.
Just ensure that you modify the Activity Target of the Deprovisioning step to be the Found Object from the search activity step
