Disable User trigger in workflow.

I am sure I am missing something simple but I just want a workflow that will move a user to a designated OU when Disabled (and then back again when enabled).

However, I cannot get this to trigger. I have set the following:

Operation that starts this workflow: Modify properties

Workflow start upon a request for change In: Account Is Disabled (edsaAccountIsDisabled)

The initiator conditions are Any User and there are no filtering Conditions.

This does not trigger, I have the logic to move the object, but it wasn't firing so I put a notification as the first step and I do not get it.

Where did I go wrong?

 

  • From what you are describing, I don't see any issues. I assume that you have an IF/Else branch to handle the check for the specific edsaAccountIsDisabled value.

    Which Active Roles client are you using to disable the user?

  • I was wondering if you don't need to be "watching" UserAccountControl rather than the virtual attribute? I.e., the property value changes to 514 on disable.

  • Version 8.1.3, I tried disabling the user on the console and website. Nothing ever fires. FYI: I am coming into this and finding that it was fairly poorly understood. I had to do quite some clean up on the provisioning policies as they were assigned oddly in the AD structure. I am assuming that workflows function against all changes done in Active Roles and are constrained by inheritance. That is why I am flummoxed as to why it is not firing.

  • I am assuming that workflows function against all changes done in Active Roles and are constrained by inheritance

    Workflows are not constrained by inheritance per se.  Workflows respond to transactions and will fire if the start conditions of the workflow (based on the contents of the in-process transaction) are met or not.  The contents of the transaction themselves could be constrained by policy inheritance but the workflow start condition is applied after everything else.

  • Any Active Roles client will toggle edsaAccountIsDisabled if you choose the "Disable" option, so it shouldn't be necessary unless you are programmatically writing to the userAccountControl attribute using the Active Roles Management Shell.

  • Thanks, I accidentally omitted the word "Not" as in workflows are not constrained... but thanks for the validation.

    I changed the workflow to look at changes to UserAccountControl, but still not firing. Is there a log that can be examined to see what it is doing in the background?

  • Hey clavin, 

    it looks like I had the same issue last week working on 8.0.1. That was not the first workflow I created which contains disabling objects in AD, so I knew it had to work. 

    I simply deleted the workflow and created it from scratch and it started working for me. A few frustrating hours but it should work. 

    You can see in the Windows Event Viewer what AR is actually doing. It will describe step by step what it is doing and which workflow it starts etc.