Jump to content
Adrian Simpkins

Archived / Suspended account query

Recommended Posts

Hi All

I wanted to see if anyone could confirm what differences there are between Suspended accounts and Archived - basically we are setting up our LDAP to suspend Service Manager basic user accounts when they AD account is closed on file, and I wanted to see what others may have done in this scenario. I know that Archiving accounts retains the associated data (we are avoiding any deletions of full User profiles to retain all history), I presume if an account is left in Suspended this will also retain any associated history.

Is the recommended state for a basic user account whose AD is closed Suspended rather than Archived? Currently we are going to Suspend Basic accounts, and manually Archive full Users to retain history, and I just wanted to see if this is the approach others have taken please

Many thanks !

Share this post


Link to post
Share on other sites

@Adrian Simpkins

We have an LDAP Import process which archives Hornbill accounts for all AD Accounts which have been disabled, whether the where a User or Basic account.

The only issue we have had User accounts archived before requests assigned to them have been re-assign, as the BPM cannot assign activities etc to an archived account.

Other than that we not had any issues with archiving them.

Cheers

Martyn

 

Share this post


Link to post
Share on other sites

Hi Martyn / Steve

Thanks for the feedback, now that I know that Suspended are still visible I will look to set all to Archived instead, and just leave the Suspended status for any users having logon issues.

Many thanks, much appreciated for the pointers :) 

Share this post


Link to post
Share on other sites

@Adrian Simpkins sorry to hijack but would you be able to share how you are setting this on your LDAP import? :-)

I need to do the same and have struggled to work out how to do it...

Thanks

Simon

Share this post


Link to post
Share on other sites

@SimonSheldon

They way we do it, is that we have two LDAP Import configurations which run sequentially.

This first imports any new or updated account which are not disabled as per a normal LDAP import process.

Followed by second one which queries all disable accounts and sets them to Archived. The later uses the query string below.

(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=2)(whenChanged>=20160101000000.0Z))

We have a date filter on it to stop it producing an error when attempting to archive an account we never created when establishing the LDAP import into Hornbill as we did not import disabled users at the start.

Then under the 'User Options' tab in the config we have it set as below.

image.thumb.png.8a24180e6308fe770fa7ebf7088346a5.png

Cheers

Martyn

  • Like 1

Share this post


Link to post
Share on other sites

Hi Simon

Apologies I think I had advised previously I would provide some details around our LDAP setup - I see that Martyn has provided some guidance so I will let you run with that, but of course happy to share if need be still

Many thanks

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...