Disable a user from AD if it is removed from Source

    Question

  • Hi,

    I have a situation in which I have to disable a user in AD if it is removed from the Banner (source) view. But I still need that user for further use. So, the AD connector should not be deleted.

    Any help?

    Friday, March 15, 2013 5:07 PM

Answers

  • You can also use the method outlined in How to Detect Connectors in FIM.
    For a scenario like this, it might be a good idea to take a look at Understanding Deprovisioning in FIM.

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Saturday, March 16, 2013 12:15 AM
  • Hi Giriraj,

    I have done this use case for one of our customers.
    You can try the approach shared by Tomasz. I have listed the required steps:

    1. Create one custom attribute in the metaverse, say "EMPSTATUS"
    2. Map this with any value coming from Banner (in the Banner Inbound rule)
    3. In the AD Outbound rule, write a custom expression, say "IIF(IsPresent(EMPSTATUS),512,514) => userAccountControl"

    Now with this setup, when the user's connector (source) gets deleted, its 'EMPSTATUS' will become null in the metaverse, followed by changing the userAccountControl value to 514 in "AD".

    Regards,
    Varun

    • Proposed as answer by var9287 Saturday, March 16, 2013 6:51 AM
    • Marked as answer by GirirajSingh Thursday, April 04, 2013 5:47 PM
    Saturday, March 16, 2013 6:33 AM

All replies

  • Are you using synchronization rules? If yes, you can use DRE to detect the state of a user (DRE exists for given rule) and in this way you might control other events and provisioning. The other way is to contribute a metaverse value based on some value from the source - if this value is gone, you don't have a connector in this source.


    The trick is that you have to think about the situation where someone clears the connector space or re-initializes the solution. In that case you might have an AD account and identity info in the metaverse without source information for a while. It can be handled, but you, or anyone who will operate this solution in the future, have to be aware of it.


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Friday, March 15, 2013 6:19 PM
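
Added example, not part of any post in this thread and not FIM code: a plain-Python model of the `IIF(IsPresent(EMPSTATUS),512,514)` flow from the marked answer and of the connector-space-clear case described in the reply above. It shows that writing the constants 512/514 overwrites other userAccountControl flags, and adds a hold when one run would disable an unusual share of accounts; the data layout, function names and the 10% threshold are assumptions.

```python
# Added example: models the thread's outbound flow in plain Python.
# Bit values are the documented userAccountControl flags; the data layout,
# function names and the 10% hold threshold are assumptions.
ACCOUNTDISABLE = 0x0002         # 2
NORMAL_ACCOUNT = 0x0200         # 512
DONT_EXPIRE_PASSWORD = 0x10000  # 65536

def is_present(mv, attr):
    return mv.get(attr) is not None

def uac_constant(mv):
    """The rule from the thread: IIF(IsPresent(EMPSTATUS),512,514)."""
    return 512 if is_present(mv, "EMPSTATUS") else 514

def uac_preserving(mv, current_uac):
    """Variant: toggle only ACCOUNTDISABLE, keep every other flag."""
    if is_present(mv, "EMPSTATUS"):
        return current_uac & ~ACCOUNTDISABLE
    return current_uac | ACCOUNTDISABLE

def plan_exports(metaverse, ad, max_disable_ratio=0.10):
    """Return (changes, held); held means too many disables in one run."""
    changes = {}
    for name, mv in metaverse.items():
        new = uac_preserving(mv, ad[name])
        if new != ad[name]:
            changes[name] = new
    disables = sum(1 for v in changes.values() if v & ACCOUNTDISABLE)
    return changes, disables > max_disable_ratio * len(ad)

def sample():
    """Constructed data: 20 enabled accounts, one with a non-expiring password."""
    mv = {f"user{i}": {"EMPSTATUS": "Active"} for i in range(20)}
    ad = {name: NORMAL_ACCOUNT for name in mv}
    ad["user0"] |= DONT_EXPIRE_PASSWORD
    return mv, ad

if __name__ == "__main__":
    mv, ad = sample()
    mv["user0"].pop("EMPSTATUS")       # one person removed from Banner
    print(plan_exports(mv, ad))        # single disable, not held
    print(uac_constant(mv["user0"]), uac_preserving(mv["user0"], ad["user0"]))
    for attrs in mv.values():          # Banner connector space cleared
        attrs.pop("EMPSTATUS", None)
    print(plan_exports(mv, ad)[1])     # held for operator review
```
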