How to configure a process to disable AD user accounts whose last logon date is older than 15 days?

Hi Experts, I would like to configure a custom process that will fetch the last logon time stamp of AD user accounts and disable the AD user accounts whose last logon date is older than 15 days. Kindly provide some suggestions on how to achieve this.

Parents
  • There are various factors here. Do you watch the LastLogon column? If not, you should do that. Then, it will be stored in DialogWatchProperty.

    You can then run a process plan which selects all entries where the LastLogon column was earlier than 15 days, and using a combination of DialogWatchOperation and DialogWatchProperty you should be able to find the ADSAccounts which need disabling, which can finally be done using a simple process.

    Apologies for the concise explanation, but hope that helps.

Children
  • The last logon time stamp should be read by the sync already. So just create a process on ADSAccount that sets the AD user account to disabled, listening to a custom event (e.g. "NotUsedIn15Days"). The process will be triggered by a daily schedule firing the custom event on ADSAccount for all ADSAccounts where last logon is lower than today - 15 days.
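
The selection step of the daily schedule described in the replies, written out as an added Python example; it is not code from this thread or from the product. It assumes the synced last-logon value comes from AD's replicated `lastLogonTimestamp` attribute, which can trail the real last logon by up to 14 days, and the dictionary field names, `classify` and the sample accounts are hypothetical.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts
# lastLogonTimestamp is only rewritten at logon when the stored value is older
# than the sync interval (default 14 days, less a random 0-5 days), so it can
# trail the real last logon by up to 14 days.
SYNC_LAG = timedelta(days=14)

def to_filetime(dt):
    """datetime -> 100 ns ticks since 1601-01-01 UTC (integer arithmetic)."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def filetime_to_datetime(ticks):
    """FILETIME -> aware datetime; 0 or missing means the account never logged on."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def classify(accounts, now, max_age=timedelta(days=15), lag=SYNC_LAG):
    """Map account name -> decision for one daily run."""
    cutoff = now - max_age - lag  # older than this: provably unused for max_age
    decisions = {}
    for acct in accounts:
        last = filetime_to_datetime(acct.get("lastLogonTimestamp"))
        if acct["userAccountControl"] & UAC_ACCOUNTDISABLE:
            decisions[acct["name"]] = "already-disabled"
        elif last is None:
            # Freshly provisioned accounts land here; do not disable blindly.
            decisions[acct["name"]] = "review-never-logged-on"
        elif last < cutoff:
            decisions[acct["name"]] = "disable"
        else:
            decisions[acct["name"]] = "keep"
    return decisions

# Constructed sample data; names and dates are made up for the example.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)

def _acct(name, uac, days_ago):
    ticks = to_filetime(NOW - timedelta(days=days_ago)) if days_ago else 0
    return {"name": name, "userAccountControl": uac, "lastLogonTimestamp": ticks}

SAMPLE = [_acct("alice", 512, 3), _acct("bob", 512, 20), _acct("carol", 512, 40),
          _acct("dave", 514, 90), _acct("erin", 512, None)]

if __name__ == "__main__":
    for name, decision in classify(SAMPLE, NOW).items():
        print(f"{name}: {decision}")
```

Passing `lag=timedelta(0)` gives the plain "today - 15 days" comparison from the reply; with the default margin, an account such as `bob`, whose replicated timestamp is 20 days old, is kept because it may still have been used within the last 15 days.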