JanS2000 Posted August 11, 2023 Share Posted August 11, 2023 Morning, I've noticed this week that an archived user (full user) keeps being made active each day when I log into Hornbill. I've set it to archived 3 times so far, and saved the change. Other users who've been archived stay archived, they're all basic users. Should I do something different for a full user? I've reallocated all tasks/calls that had been assigned to this person already. Thanks. Link to comment Share on other sites More sharing options...
Steve Giller Posted August 11, 2023 Share Posted August 11, 2023 The most common reason when this happens regularly is that you have a User Import set up and the User in question is being picked up by that - for example the AD Account, even if disabled, is in an active OU. 1 Link to comment Share on other sites More sharing options...
JanS2000 Posted August 11, 2023 Author Share Posted August 11, 2023 Ah right, thanks @Steve Giller, that's good to know. We do have a user import set up, I wondered if it would be this, but because the user account is disabled in AD I discounted it. Link to comment Share on other sites More sharing options...
Steve Giller Posted August 11, 2023 Share Posted August 11, 2023 Please don't ask me how, but you can add an LDAP filter to ignore disabled accounts in your config if moving them to an OU that isn't picked up is not practical. 1 Link to comment Share on other sites More sharing options...
JanS2000 Posted August 11, 2023 Author Share Posted August 11, 2023 Thanks @Steve Giller! Link to comment Share on other sites More sharing options...
Met Posted August 11, 2023 Share Posted August 11, 2023 You could also turn it around and set up a separate LDAP config profile targeting only disabled users to perform actions on them (e.g. to suspend their Hornbill account, update their status so analysts know they might not reply on tickets etc.). To account for someone's account being enabled again, just make sure the main LDAP query does the opposite (e.g. changes status to Active or something). (userAccountControl:1.2.840.113556.1.4.803:=2) should target disabled users in the LDAP query. Or add (!(userAccountControl:1.2.840.113556.1.4.803:=2)) to ignore disabled users in your main LDAP query. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now