GroupID 8 & above - Synchronize
We use GroupID Synchronize to provision user accounts in Active Directory from an HR database. When a user leaves the organization, the EmploymentStatus attribute for that user is updated as ‘Termed’. Is there any way to de-provision user accounts in Active Directory that will stamp them with a time and date of when they are disabled?
Imanami GroupID provides a pseudo-attribute by the name of 'Disable Account' with possible values of 'True' or 'False'. We can use Synchronize to locate the user accounts in the HR database where EmploymentStatus is ‘Termed’, and then use the 'Disable Account' pseudo-attribute to disable them in Active Directory.
Steps to Perform this Task:
- In GroupID Management Console, expand the Synchronize node, right-click All Jobs, and then select New Job.
- On the Job Template page, select the Blank Job option and click Next.
- Select a source provider and then select Active Directory as the destination provider. Enter the connection settings and click Next.
- On the Sync Object Options page, select the required object type, keep the default settings, and click Next.
- On the Select Fields page, select the attribute that will serve as the primary key. In this scenario, I will be using Employee ID. Also, select Description and Disable Account (pseudo-attribute) and click Next.
- Apply transformations on the Field Map(s) page.
- Set the destination field for 'Description' to Static. Add static text as “Disabled by GroupID %Now%”.
- Set the destination field for 'Disabled Account' to Static and set the static text as 'True'.
GroupID Online Help