Skip to Content
0

Issue in Deactivate user from AD to IDM

Nov 15, 2016 at 01:45 PM

155

avatar image
Former Member

ad.png

sql-query.png

I'm implementing IDM 7.2 Solutions & here users creation & de-activation will be done thru AD.

Creation of users is working perfectly however when user's account is disabled in AD, in IDM its not disabling the user. We are using standard Script in Source Tab of pass

SELECT Logentries.DN
FROM Delta_Defs INNER JOIN
Logentries ON Delta_Defs.OwnerID = Logentries.OwnerID
WHERE (Delta_Defs.Name = 'sapd%$rep.$NAME%user') AND (Logentries.Operation = 4 OR Logentries.Operation=5)

However in Logentries table for user I'm getting Operation=2, due to which IDM isn't disabling user.

Any advise?

sql-query.png (8.7 kB)
ad.png (18.4 kB)
ad.png (18.4 kB)
sql-query.png (8.7 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
C Kumar Nov 16, 2016 at 05:32 AM
0

Hello Ravi,

The alternate option is to set MX_DISABLED for the user with Validfrom={Accountexpires}

Syntax could be like

In the z* script I am using uInt8ToDate function to convert AD accountexpires into IDM date format.

http://help.sap.com/saphelp_nwidmic_80/helpdata/en/d3/24b691e99340b08ba9d5e1bea65e36/content.htm

Hope it will help.

Regards,

C Kumar


capture.png (2.4 kB)
Share
10 |10000 characters needed characters left characters exceeded
Matt Pollicove Nov 15, 2016 at 06:39 PM
0

Is there a reason you're using Delta?

Share
10 |10000 characters needed characters left characters exceeded
Matt Pollicove Nov 15, 2016 at 06:39 PM
0

Is there a reason you're using Delta?

Share
10 |10000 characters needed characters left characters exceeded