Skip to Content
avatar image
Former Member

Issue in Deactivate user from AD to IDM

ad.png

sql-query.png

I'm implementing IDM 7.2 Solutions & here users creation & de-activation will be done thru AD.

Creation of users is working perfectly however when user's account is disabled in AD, in IDM its not disabling the user. We are using standard Script in Source Tab of pass

SELECT Logentries.DN
FROM Delta_Defs INNER JOIN
Logentries ON Delta_Defs.OwnerID = Logentries.OwnerID
WHERE (Delta_Defs.Name = 'sapd%$rep.$NAME%user') AND (Logentries.Operation = 4 OR Logentries.Operation=5)

However in Logentries table for user I'm getting Operation=2, due to which IDM isn't disabling user.

Any advise?

sql-query.png (8.7 kB)
ad.png (18.4 kB)
ad.png (18.4 kB)
sql-query.png (8.7 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Nov 16, 2016 at 05:32 AM

    Hello Ravi,

    The alternate option is to set MX_DISABLED for the user with Validfrom={Accountexpires}

    Syntax could be like

    In the z* script I am using uInt8ToDate function to convert AD accountexpires into IDM date format.

    http://help.sap.com/saphelp_nwidmic_80/helpdata/en/d3/24b691e99340b08ba9d5e1bea65e36/content.htm

    Hope it will help.

    Regards,

    C Kumar

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 15, 2016 at 06:39 PM

    Is there a reason you're using Delta?

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 15, 2016 at 06:39 PM

    Is there a reason you're using Delta?

    Add comment
    10|10000 characters needed characters exceeded