Adaxes

Inactive Users

0 votes

We have a scheduled task configured today that we run daily over our user pool and checks IF an account has been inactive for XX weeks, it disables it and triggers some of our off-boarding type tasks. Really works great, and we get a lot of use out of it.


One issue we run into with this though is this script will disable a user because they haven't logged into that account for some time, but we then receive word it needs to be enabled. We will go in and re-enable it, reset the password, let the user know that information. The problem is a lot of the time the users don't login by the end of business that day so this task that runs at again at 5 PM looking for inactive users will catch that account, and disable it once more.

Do you happen to know what attribute Adaxes is looking at to determine the account is inactive? I'm was thinking we could clear that out in these type of situations?

If you or anyone else has suggestions on how to get around this we are open to those as well.

Thanks,

by (490 points)

1 Answer

0 votes
by (272k points)
selected by
Best answer

Hello Ben,

Do you happen to know what attribute Adaxes is looking at to determine the account is inactive? I'm was thinking we could clear that out in these type of situations?

The condition uses the calculated adm-InactivityDuration property. The property is not physically stored in Active Directory and there is no possibility to update it manually.

If you or anyone else has suggestions on how to get around this we are open to those as well.

As a solution we suggest adding a condition that will check when the user account has been last updated. For example, if the account was updated less than 2 days ago, the task will not affect the user. It means that all the users re-enabled for the last two days will not be disabled by the task.To add the condition to your task:

  1. Launch Adaxes Administration Console and navigate to the Scheduled Task.
  2. Right-click the account is inactive condition and click Add New Condition in the context menu.
  3. Select If <property><relation><value>.
  4. Select If When Changed less or equal and click Edit.
  5. Select minus 2 days.
  6. Click OK twice and save the changes.

You should have something like the following:

0

Thanks for the help on this...I added this logic to the schedule task and I think we're good.

by (490 points)

Related questions

0 votes
1 answer
Report showing users who are inactive in both our on-premise Active Directory and Azure Active Directory?

We manage employee user accounts in our on-premise Active Directory and synchronize them to Azure Active Directory using Azure AD Connect. We'd like to be able to generate ... if this is possible so we can easily identify user accounts that are truly inactive.

asked May 9, 2023 by RickWaukCo (320 points)
0 votes
1 answer
Inactive users allowed to log in - No Sign-in information for Azure AD user

Hello, The report named Inactive users allowed to log in shows the Active Directory sign-in (Last-Logon-Timestamp) and Azure AD sign-in (Last Logon) but only for Active Directory ... updated by an Azure logic App. But we'd love to have this natively in Adaxes.

asked Dec 13, 2022 by Gavin.Raymen (40 points)
0 votes
1 answer
how to review a users when marked inactive

Hi, Im using the "When Marked Inactive" custom property that comes with Adaxes. Im trying to test out the deletion of users using that "When Marked Inactive" attribute, but ... if there is a way to see visually that custom attribute on my disabled Test user.

asked Oct 10, 2022 by raul.ramirez (210 points)
0 votes
1 answer
Daily Scheduled Task to Disable Inactive Users

Hello, I'm trying to create a daily scheduled task that runs that automatically disables users AD accounts who havent logged in to the domain in 45 days. At the same time ... inactivity period but it appears to only allow me to select weeks instead of days.

asked Apr 14, 2020 by sirslimjim (480 points)
0 votes
1 answer
Inactive Users in specific "Admin" OU

Hello, I try to change the script from Report 'Inactive users' to get only users which are located under an specific "Admin" OU. I can't use "Look ... "(|" + $filterNoLastLogon + $filterLoggedOnBefore + ")" + $filterPasswordChangedBefore + ")" regards Helmut

asked Feb 13, 2019 by a423385 (510 points)
3,346 questions
3,047 answers
7,782 comments
544,982 users