Mark terminated LDAP users as inactive in ServiceNow

We find inactive LDAP accounts using the last refresh time. In this method, we add a Last Refreshed field to the user record and set its value during the import process. We then create a scheduled job that checks for users that have not been refreshed in 30 days and deactivates them.

Create a datetime field on the User [sys_user] table, for example, u_last_refreshed.

Add the following code in the transform script:

// Stamp the user record with the current date and time on every LDAP import
target.u_last_refreshed = gs.nowDateTime();

Create a scheduled job to find and deactivate the user accounts that have not been refreshed in 30 days:

disable_users();

function disable_users() {
    /*
     * query for active users with ldap source and last updated more than 30 days ago
     * disable them
     */
    var gr = new GlideRecord("sys_user");
    gr.addQuery('u_last_refreshed', '<', gs.daysAgoStart(30));
    gr.addQuery('active', true);
    gr.addQuery('source', '!=', '');
    gr.query();
    while (gr.next()) {
        gr.active = false;
        gr.update();
        gs.log("Disabled inactive user: " + gr.user_name + " - last updated: " + gr.u_last_refreshed);
    }
    gs.log("Completed disabling inactive accounts");
}
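
Because the job treats an old timestamp as proof of termination, an LDAP import that stops running would, after 30 days, lead to every LDAP user being deactivated. The following added example (not part of the original page and not ServiceNow's code) shows the same selection logic in plain JavaScript with two guards in front of it; the option names `maxImportGapDays` and `maxFraction`, the record shape and the sample records are assumptions constructed for illustration.

```javascript
// Added example: plain ES5 so it runs in Node and ports to a Script Include.
// Option names and sample records are constructed for illustration.
var DAY_MS = 24 * 60 * 60 * 1000;

// ServiceNow stores datetimes as "yyyy-MM-dd HH:mm:ss" in UTC.
function toMillis(value) {
    return Date.parse(value.replace(' ', 'T') + 'Z');
}

function planDeactivation(users, now, opts) {
    var cutoff = now.getTime() - opts.maxAgeDays * DAY_MS; // exact N days back
    var plan = { proceed: true, reason: 'ok', stale: [], neverRefreshed: [] };
    var ldapActive = 0;
    var newest = 0;
    users.forEach(function (u) {
        if (!u.active || !u.source) { return; }   // inactive or local account
        ldapActive++;
        if (!u.u_last_refreshed) {                // never stamped: review by hand
            plan.neverRefreshed.push(u.user_name);
            return;
        }
        var ts = toMillis(u.u_last_refreshed);
        if (ts > newest) { newest = ts; }
        if (ts < cutoff) { plan.stale.push(u.user_name); }
    });
    if (ldapActive === 0) { return plan; }
    // Guard 1: no recent refresh at all means the import itself has stopped.
    // Guard 2: an unusually large batch is held for a human decision.
    if (now.getTime() - newest > opts.maxImportGapDays * DAY_MS) {
        plan.proceed = false;
        plan.reason = 'import-stale';
    } else if (plan.stale.length / ldapActive > opts.maxFraction) {
        plan.proceed = false;
        plan.reason = 'too-many';
    }
    return plan;
}

var NOW = new Date('2024-06-30T00:00:00Z');
var OPTS = { maxAgeDays: 30, maxImportGapDays: 2, maxFraction: 0.3 };
var SAMPLE = [ // constructed records
    { user_name: 'alice', active: true, source: 'ldap:CN=alice,DC=example,DC=com', u_last_refreshed: '2024-06-29 02:00:00' },
    { user_name: 'bob', active: true, source: 'ldap:CN=bob,DC=example,DC=com', u_last_refreshed: '2024-05-01 02:00:00' },
    { user_name: 'carol', active: true, source: '', u_last_refreshed: '' },
    { user_name: 'dave', active: true, source: 'ldap:CN=dave,DC=example,DC=com', u_last_refreshed: '' },
    { user_name: 'erin', active: false, source: 'ldap:CN=erin,DC=example,DC=com', u_last_refreshed: '2024-01-10 02:00:00' },
    { user_name: 'frank', active: true, source: 'ldap:CN=frank,DC=example,DC=com', u_last_refreshed: '2024-06-29 02:00:00' }
];
console.log(JSON.stringify(planDeactivation(SAMPLE, NOW, OPTS)));
```

In the scheduled job, the same two checks would run before the update loop, with the `stale` and `neverRefreshed` lists written to the log for review.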