We find inactive LDAP accounts using the last refresh time. In this method, we add a Last Refreshed field to the user record and set its value during the import process. We then create a scheduled job that checks for users that have not been refreshed in 30 days and deactivates them.
Create a datetime field on the User [sys_user] table, for example, u_last_refreshed.
Add the following code to the transform script:
target.u_last_refreshed = gs.now();
Create a scheduled job to find and deactivate the user accounts that have not been refreshed in 30 days.
disable_users();

function disable_users() {
    /*
     * query for active users with ldap source and last updated more than 30 days ago
     * disable them
     */
    var gr = new GlideRecord("sys_user");
    gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));
    gr.addQuery('active', true);
    gr.addQuery('source', '!=', '');
    gr.query();
    while (gr.next()) {
        gr.active = false;
        gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + gr.u_last_refreshed);
        gr.update();
    }
    gs.log("Completed disabling inactive accounts");
}
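Because this method treats a missing refresh as inactivity, an LDAP import that stops running would age every account past the 30-day cutoff together. The following is an added example, not part of the original instructions and not ServiceNow code: a plain JavaScript model of the job's selection step with two safety checks before anything is disabled. The function name planDeactivation, the options maxImportAgeDays and maxFraction with their defaults, and the sample records are assumptions made for illustration.

```javascript
// Added example: a plain-JavaScript model of the scheduled job's selection
// step, runnable in Node.js. Field names come from the page; planDeactivation,
// maxImportAgeDays and maxFraction are hypothetical names and defaults.
const DAY_MS = 24 * 60 * 60 * 1000;

function planDeactivation(users, now, opts = {}) {
  const { days = 30, maxImportAgeDays = 2, maxFraction = 0.5 } = opts;
  const cutoff = now.getTime() - days * DAY_MS;

  // Same scope as the job: active users with a non-empty source.
  const inScope = users.filter((u) => u.active && u.source);
  // An empty u_last_refreshed has no date to compare; list for review.
  const neverRefreshed = inScope.filter((u) => !u.u_last_refreshed);
  const stamped = inScope.filter((u) => u.u_last_refreshed);
  const stale = stamped.filter((u) => Date.parse(u.u_last_refreshed) < cutoff);

  const plan = {
    deactivate: [],
    neverRefreshed: neverRefreshed.map((u) => u.user_name),
    abortReason: null,
  };

  // Guard 1: if nobody was refreshed recently, the import has stopped and
  // every account is ageing toward the cutoff together.
  const newest = Math.max(-Infinity, ...stamped.map((u) => Date.parse(u.u_last_refreshed)));
  if (now.getTime() - newest > maxImportAgeDays * DAY_MS) {
    plan.abortReason = 'import-stale';
    return plan;
  }
  // Guard 2: refuse to disable an implausibly large share in one run.
  if (stale.length > maxFraction * inScope.length) {
    plan.abortReason = 'too-many-candidates';
    return plan;
  }
  plan.deactivate = stale.map((u) => u.user_name);
  return plan;
}

// Constructed sample records (ISO 8601 timestamps, not real data).
const NOW = new Date('2024-06-30T00:00:00Z');
const SAMPLE_USERS = [
  { user_name: 'alice', active: true, source: 'ldap:cn=alice', u_last_refreshed: '2024-06-29T02:00:00Z' },
  { user_name: 'bob', active: true, source: 'ldap:cn=bob', u_last_refreshed: '2024-05-01T02:00:00Z' },
  { user_name: 'carol', active: true, source: 'ldap:cn=carol', u_last_refreshed: '' },
  { user_name: 'dave', active: true, source: '', u_last_refreshed: '2024-01-01T02:00:00Z' },
];
console.log(planDeactivation(SAMPLE_USERS, NOW));
```

In the scheduled job itself, the same two checks would run as counts over sys_user before the update loop starts.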