Move deactivate account in different OU in Active Directory

Hello,

OneIM Version 8.2.1


I have a requirement to move to deactivate accounts in different OU in AD. And I have to customize the template for ADSAccount.UID_ADSContainer to implement my requirement.

Can someone help me with the code to set in ADSAccount.UID_ADSContainer template?

The ADSAccount.UID_ADSContainer template is configured as follows:

'$FK(UID_Person).UID_Department$
'$FK(UID_Person).UID_Locality$
'$FK(UID_Person).UID_ProfitCenter$
#If ORG Then
'$FK(UID_Person).UID_Org$
#End If
If CBool(Connection.Variables.Get("FULLSYNC")) = False Then
Select Case ($FK(UID_TSBBehavior).ITDataUsage:Int$)
Case 0:'do not get data from employee
Case -1:'fill property initially from the ITData of the employee
If Not $[IsLoaded]:Bool$ Then
Value = TSB_ITDataFromOrg($UID_Person$, $UID_TSBAccountDef$, Base.TableDef.Columns("UID_ADSContainer"))
End If
Case 1:'update property depending on ITData of the employee
Value = TSB_ITDataFromOrg($UID_Person$, $UID_TSBAccountDef$, Base.TableDef.Columns("UID_ADSContainer"))

End Select
End If

Thanks.

  • Personally I would argue the requirement of moving accounts around when disabled.
    What's the point, that cannot be accomplished by setting an attribute on the account. Maybe a legacy application?

    Solution 1: Extend the ADSAccount table, so you can select a specified OU by name from IT operating data.

    Extend table
    ADSAccount.CCC_UID_DisabledOUContainer (Disabled OU Container)
    As Foreign key to ADSContainer (same config as UID_ADSContainer)

    ADSAccount.CCC_UID_DisabledOUContainer\Template
        ...
        Case 1:'update property depending on ITData of the employee
            Value = TSB_ITDataFromOrg($UID_Person$, $UID_TSBAccountDef$, Base.TableDef.Columns("CCC_UID_DisabledOUContainer"))
        ....
    
    ADSAccount..UID_ADSContainer\Template
    ...
    Case 1:'update property depending on ITData of the employee
                    If $AccountDisabled:Bool$ AndAlso Not $FK(UID_Person).IsTemporaryDeactivated:Bool$ Then
                                   Value = $CCC_UID_DisabledOUContainer$
                    Else
                                   Value = TSB_ITDataFromOrg($UID_Person$, $UID_TSBAccountDef$, Base.TableDef.Columns("UID_ADSContainer"))
                    End If
    End Select
    ...

    Solution 2: Hardcode UID_ADSContainer in template ADSAccount.UID_ADSContainer\Template

    ...
    Dim UID_DisabledOUContainer As String = 'CCC-FF50DC91BD674CC3B11BC24528D99352'
    Case 1:'update property depending on ITData of the employee
                    If $AccountDisabled:Bool$ AndAlso Not $FK(UID_Person).IsTemporaryDeactivated:Bool$ Then
                                   Value = DisabledOUContainer
                    Else
                                   Value = TSB_ITDataFromOrg($UID_Person$, $UID_TSBAccountDef$, Base.TableDef.Columns("UID_ADSContainer"))
                    End If
    End Select
    ...