Archived users are being reactivated (but not by us)

[JanS2000]

Morning, I've noticed this week that an archived user (full user) keeps being made active each day when I log into Hornbill. I've set it to archived 3 times so far, and saved the change. Other users who've been archived stay archived, they're all basic users. Should I do something different for a full user? I've reallocated all tasks/calls that had been assigned to this person already.

Thanks.

[Steve Giller]

The most common reason when this happens regularly is that you have a User Import set up and the User in question is being picked up by that - for example the AD Account, even if disabled, is in an active OU.

[JanS2000]

Ah right, thanks @Steve Giller, that's good to know. We do have a user import set up, I wondered if it would be this, but because the user account is disabled in AD I discounted it. 

[Steve Giller]

Please don't ask me how, but you can add an LDAP filter to ignore disabled accounts in your config if moving them to an OU that isn't picked up is not practical.

[JanS2000]

Thanks @Steve Giller!

[Met]

You could also turn it around and set up a separate LDAP config profile targeting only disabled users to perform actions on them (e.g. to suspend their Hornbill account, update their status so analysts know they might not reply on tickets etc.). To account for someone's account being enabled again, just make sure the main LDAP query does the opposite (e.g. changes status to Active or something).

(userAccountControl:1.2.840.113556.1.4.803:=2)

should target disabled users in the LDAP query.

Or add

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

to ignore disabled users in your main LDAP query.