Sahana. Shenoy Posted November 26 Posted November 26 Hi, We are using User Import - Azure Utility Integration with Hornbill. We would like to know how to manage the Leavers data? For eg: When a user leaves will the sync to HB conf file - will it auto archive in HB ? If not how can we achieve this? So that when a user leaves his/her account details will be deleted from Active Directory and if the sync file doesn't see that user profile, will it then update the Hornbill User profile status to Archived? For Licensed user profiles we have a process in place which will remind us to remove the license and meanwhile we will manually set the User status to Archived. But this is not in place for Basic user profiles and we would like to Automate this to avoid manual effort. At present we have some 450+ basic user accounts who have left the organization but their account is still active in HB. Can someone shed some light to understand if you have already achieved this? Regards,Sahana
Steve Giller Posted November 26 Posted November 26 Hornbill does not archive accounts that disappear from view. One of the reasons would be that should Azure decide to return no results, this would immediately archive every User on your Instance and no-one could sign in. The recommended process would be that when a User leaves your organisation, you would move them to a "Leavers" OU (or Group in Azure, I believe) and have an Archive Import that takes any User from that OU and marks them as Archived in Hornbill. 1
Berto2002 Posted November 26 Posted November 26 We used to do as Steve suggested but we no longer have a Leavers OU. Instead, since our Leavers are always processed through Hornbill, we use workflow to Archive the user once we have finished processing all the asset retrievals and account removals in line of business applications which sometimes drifts on past the date we otherwise need the account archived etc. It also does other things like remove from organizations and confirm the User is Basic PS "velocity" is our rebranding of the Hornbill SM product 1
billster Posted November 27 Posted November 27 18 hours ago, Sahana. Shenoy said: Hi, We are using User Import - Azure Utility Integration with Hornbill. We would like to know how to manage the Leavers data? For eg: When a user leaves will the sync to HB conf file - will it auto archive in HB ? If not how can we achieve this? So that when a user leaves his/her account details will be deleted from Active Directory and if the sync file doesn't see that user profile, will it then update the Hornbill User profile status to Archived? For Licensed user profiles we have a process in place which will remind us to remove the license and meanwhile we will manually set the User status to Archived. But this is not in place for Basic user profiles and we would like to Automate this to avoid manual effort. At present we have some 450+ basic user accounts who have left the organization but their account is still active in HB. Can someone shed some light to understand if you have already achieved this? Regards,Sahana We have a security group in AD named after Hornbill, all basic users are inside there and the Azure User Import Utility config file searches the group for users to create/amend/archive. We have two scheduled tasks set up, which involves two config files. One of the configs creates and updates user accounts. The other auto archives the users as per the leaver process. To auto archive the users, put in the search filter of the config file "AccountEnabled eq false" (this searches for accounts that are expired and/or disabled) "AzureConf": { "UserFilter": "AccountEnabled eq false", "UserProperties": [ "givenName" , "surname" , "userPrincipalName" , "displayName" , "businessPhones" , "company" , "country" , "officeLocation" , "office" , "mail" , "jobTitle" , "usageLocation" ], "Search": "groups", "UsersByGroupID": [ { "ObjectID":"Security group object ID", "Name":"Security group name" } ] }, And set "status" setting as... "Status": { "Action": "Both", "Value": "archived" }, You would execute like this... azure_user_import.exe -file=config_leavers.json (this is the config that has the user filter and status setting as archived) azure_user_import.exe -file=config_default.json (this is the config that you already use to import/update users from Azure) Then just set up the scheduled tasks in task scheduler and it will do it all automatically for you. Hope this gives you an idea what to do. Thanks 1
Sahana. Shenoy Posted November 27 Author Posted November 27 Thanks @Steve Giller ,@Berto2002 and @billsterfor suggesting all these options, its really helpful. We currently have a Leaver's OU in our AD, so I think we will try out updating a sync file separately for Archived Users, so that it will update only those accounts into HB as Archived. Will get this tested in our platform. Once again, thanks for all the suggestions. Regards,Sahana
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now