This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

what would be the best way to remove all the ads group membership after seven days of termination

Hi Experts 

I have a requirement to remove all the ADS groups membership assigned outside of Identity Manager after seven days of termination. 

I also need to move the OU and put in a archive group at the same time. What is the best possible way I can accomplish this task. 

Best Regards

  • You might try to use a Temporary disabled state with some additional custom attribute for termination state. After 7 days You can set the account to permanently disabled 

    and in manage level of account definition set not to inherit groups on permanently disabled!

    Moving it in an "ARchive" OU is the easiest way with a template on UID_ADSContainer@ADSAccount .

    Problem is if You need this dissabled account in some additional group as by default all groups will be stripped.

  • You might try to use a Temporary disabled state with some additional custom attribute for termination state. After 7 days You can set the account to permanently disabled 

    and in manage level of account definition set not to inherit groups on permanently disabled!

    Moving it in an "ARchive" OU is the easiest way with a template on UID_ADSContainer@ADSAccount .

    Problem is if You need this dissabled account in some additional group as by default all groups will be stripped.

No Data