ServiceNow – Find inactive LDAP users using lastRefresh time
Posted On October 10, 2017
- Create an LDAP transform script to set the field value. (System LDAP > select the LDAP User import > in the Script field, add the code below.)

  ```javascript
  target.u_last_refreshed = gs.now();
  ```

- Create a scheduled job to find and deactivate the user accounts that have not been refreshed in 30 days.

  ```javascript
  disable_users();

  function disable_users() {
      /*
       * query for active users with ldap source and last updated more than 30 days ago
       * disable them
       */
      var gr = new GlideRecord("sys_user");
      gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));
      gr.addQuery('active', true);
      // a non-empty source marks the account as LDAP-imported
      gr.addQuery('source', '!=', '');
      gr.query();
      while (gr.next()) {
          gr.active = false;
          // read the field from the record; a bare u_last_refreshed is undefined here
          gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + gr.u_last_refreshed);
          gr.update();
      }
      gs.log("Completed disabling inactive accounts");
  }
  ```