Making Customers Inactive


Tina.Lapere

Hi, As part of our leavers process we want to make Customer records inactive. Can this be done through Service Manager without going to the Administration side? I don't really want to give everyone admin permission just to perform this task.

Thanks

Tina

I do that as part of our leavers process. I use System Center Orchestrator runbooks for our leavers process; I just create a PowerShell task that uses the new LDAP script to set the user as archived. I use the same functionality to add new users to Service Manager.


Hi All,

There is now actually a feature in the latest LDAP Import Utility (v2.0.3) that can achieve this functionality. 

It contains a section where you can set the UserAccountStatus as follows:

 

   "UserAccountStatus":{
       "Action":"Update",
       "Enabled": false,
       "Status":"active"
   }

 

So in theory what you could do:

1) Take a copy of your existing LDAP conf.json file (providing you are on the latest version - if not, download and convert your existing mappings to the latest version, test to ensure all is working, and then take a copy of that)
2) Call the copy a different name e.g. archivedUsers.json
3) In this copied file, change the "Enabled" value to true and "Status" (as shown above) to "archived"
4) Set the "Filter" of this file to only return disabled LDAP accounts - this may vary, however a standard filter for this which has been used before is as follows: 

(&(objectCategory=Person)(sAMAccountName=*)(UserAccountControl:1.2.840.113556.1.4.803:=2))

5) Schedule this file to run after any existing LDAP Imports you have set up. 

What this should do is update any accounts that exist within Hornbill to an archived status if they have been set to Disabled in LDAP. Please keep in mind we do not currently have the ability to delete or remove anything in the LDAP, nor would we advise deleting users anyway.

Full instructions and download links can be found on the wiki page here.

I hope this helps, let me know if there are any questions.

Regards

Bob

 


Hi Gareth;

 

I did it slightly differently:

I use a "template" .json file with the details Bob mentioned; instead of using the filter section I use the DSN section.

I wanted to archive only the one user of my leavers process, not every disabled account.

I used this in the .json file:

"Filter": "(objectClass=user)",

"DSN": "replaceme",

 

Then in my PowerShell script I set "replaceme" with the distinguished name.

Something like this (please test if you are going to use any of this):

PowerShell:

Import-Module ActiveDirectory

# Check whether the generated file already exists and delete it
$FileName = "C:\LDAP_Import\new_delete.json"
if (Test-Path $FileName) {
  Remove-Item $FileName
}

# Get the AD account details
$a = Get-ADUser <leavers samaccountname>
$b = $a.DistinguishedName

# Use the template delete.json, replace "replaceme" with the AD details and
# write to new_delete.json, then run the batch file to delete.
# Only continue when a DN was actually returned: a null or empty $b would
# blank out the DSN in the generated file.
if ($b) {
    # Escape backslashes and double quotes so the DN stays a valid JSON string value
    $dn = $b.Replace('\', '\\').Replace('"', '\"')
    [System.IO.File]::ReadAllText("C:\LDAP_Import\delete.json").Replace('replaceme', $dn) | Set-Content $FileName

    if (Test-Path $FileName) {
        C:\LDAP_Import\User_delete.bat | Out-Null
    }
}

End of PowerShell

Batch file:

c:
cd C:\LDAP_Import\
C:\LDAP_Import\ldap_user_import.exe -file=new_delete.json

 

 

 

As I said, test in your environment before using this; hope it gives you some ideas.

 

Thanks

Ralf

 

 

 


  • 1 month later...

Hi Guys,

I've finally got round to looking at this and I've created a new conf file but I'd like to test it before I apply it to everything just in case it's wrong.  Can someone please advise what I need to add into the filter area to restrict it down to one user (I'm not good with scripting stuff).  Also can you see any obvious errors?

Thanks

Tina

archiveusers.docx


Hi Tina,

Sorry for the late reply on this - but if you are still looking to restrict the filter down to one user, you simply need to add an additional bracket into your filter along the lines of (samAccountName=TinaL) - or whatever your unique reference is.

I hope this helps

Kind Regards

Bob
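
Added example (not part of any post in this thread, and not Hornbill's own code): a PowerShell preview of the disabled-accounts filter from the earlier post, optionally narrowed to one sAMAccountName as described above, so the matched accounts can be checked before the filter goes into the conf file. It assumes the ActiveDirectory module and read access to the directory; the function names are hypothetical, and TinaL is the sample name from the post.

```powershell
# Added example: build and preview the disabled-account filter before it goes
# into the import conf file. Function names here are hypothetical.
Import-Module ActiveDirectory

# Escape a value for use inside an LDAP filter (RFC 4515): \ * ( ) and NUL.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $sb = [System.Text.StringBuilder]::new()
    foreach ($ch in $Value.ToCharArray()) {
        switch ([int]$ch) {
            0x5C    { [void]$sb.Append('\5c') }
            0x2A    { [void]$sb.Append('\2a') }
            0x28    { [void]$sb.Append('\28') }
            0x29    { [void]$sb.Append('\29') }
            0x00    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

# Build the filter from the thread; with -SamAccountName, add one extra clause.
function New-DisabledUserFilter {
    param([string]$SamAccountName)
    $clauses = @(
        '(objectCategory=Person)'
        '(sAMAccountName=*)'
        # 1.2.840.113556.1.4.803 is the AD bitwise-AND matching rule;
        # bit value 2 of userAccountControl is ACCOUNTDISABLE.
        '(UserAccountControl:1.2.840.113556.1.4.803:=2)'
    )
    if ($SamAccountName) {
        $clauses += "(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName))"
    }
    '(&' + ($clauses -join '') + ')'
}

# Preview: list exactly which accounts the filter matches.
$filter = New-DisabledUserFilter -SamAccountName 'TinaL'
$hits = @(Get-ADUser -LDAPFilter $filter)
"Filter : $filter"
"Matched: $($hits.Count) account(s)"
$hits | Select-Object SamAccountName, Enabled, DistinguishedName | Format-Table -AutoSize
```

If the escaped value contains a backslash sequence such as \28, double the backslash when pasting the filter into the JSON conf file.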


Hi all,

Just wanted to mention that I use Softerra LDAP Browser (free) to build these filters. Once I get the results I require, I copy the filter that I built from the software into the Conf file and away it goes.

http://www.ldapadministrator.com/

When building filters they look like this (example from their website):

[Image: filterbuilder.notnormalized.png]

When you've created the filters they end up looking like the ones we need for the LDAP_Import.

I don't check for disabled accounts as they are moved into the "Archived" OU anyway. If any current user ends up in here they are set to "Archived" in Hornbill; if they are moved into another OU then they will automatically become "Active" if they are not already.

It's really cool.

Thanks,

Samuel


  • 3 weeks later...

@bob_dickinson I've tried running this with both a dry run and live as it's only set one user and I'm getting this error message:

 

[ERROR] Unable to Set User Status 111: The value 'Archived' for element <accountStatus> is not an allowable value at location '/methodCall/params/accountStatus'

 

Can you shed any light on what it means please?

Many thanks

Tina
