ServiceNow – Find inactive LDAP users using lastRefresh time

Posted On October 10, 2017

Create a datetime field on the User [sys_user] table. For example, u_last_refreshed.
Create an LDAP transform script to set the field value. [System Ldap > Select the LDAP User import > In Script field, Add below code]

JavaScript

target.u_last_refreshed = gs.now();

1

target.u_last_refreshed = gs.now();

Create a scheduled job to find and deactivate the user accounts that have not been refreshed in 30 days.

disable_users();
 
function disable_users() {
/*
* query for active users with ldap source and last updated more than 30 days ago
* disable them
*/
var gr = new GlideRecord("sys_user");
gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));
gr.addQuery('active', true);
gr.addQuery('source', '!=', '');
gr.query();
while (gr.next()) {
gr.active = false;
gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + u_last_refreshed);
gr.update();
}
gs.log("Completed disabling inactive accounts");
}

disable_users();

function disable_users() {

* query for active users with ldap source and last updated more than 30 days ago

* disable them

var gr = new GlideRecord("sys_user");

gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));

gr.addQuery('active', true);

gr.addQuery('source', '!=', '');

gr.query();

while (gr.next()) {

gr.active = false;

gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + u_last_refreshed);

gr.update();

}

gs.log("Completed disabling inactive accounts");

}

Create a report of user accounts that have been inactive for 15 days.

Add a Comment