none
Question about life-cycle of FIM/Active Directory Accounts RRS feed

  • Question

  • Hello All,

         I was wondering if anybody knew of a way to systematically delete all fim/ad accounts at the end of business day. We will be using FIM to provision local ad accounts so visitors can use our wireless. We would like these accounts to be provisioned from the FIM Portal. However we need that at the end of the day for all accounts to be deleted from both FIM portal and Active Directory. Any suggestions will be greatly appreciated.  

    Tuesday, April 23, 2013 3:56 PM

Answers

All replies

  • You could create a set that includes users with a created time stamp of more than 1 day ago (8 hours, etc), and then attach the expiration workflow to that set.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Tuesday, April 23, 2013 9:20 PM
    Moderator
  • Hi Brian,

        Thank you for the advice. I have one more question how would I go about excluding certain users from this group such as administrator, Build-in Synchronization Account, and the few staff members that will be a member of a certain set that I do not want deleted. 

    Tuesday, April 23, 2013 10:04 PM
  • Perhaps fire a workflow on user creation in the portal that sets an attribute so your filter can be something like (CreatedDate -before- [Today] AND CustomAttribute -equals- 'Foo')?

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    • Proposed as answer by Remi Vandemir Thursday, April 25, 2013 1:49 PM
    • Marked as answer by epatri Tuesday, May 21, 2013 3:13 PM
    Tuesday, April 23, 2013 10:15 PM
    Moderator