Is there a way that anyone has been able to figure out to remove users no longer with the company from groups like ServiceNow? All ServiceNow groups in my environment begin with "ServiceNow - ". If the user has been in the disabled OU for more than 7 days, I want their ServiceNow groups to be pulled off of their account. What I am currently using today is set up like:
If the 'Account Expires' property is greater than or equal to '%datetime,+7d%' then
Remove the user from the 'ServiceNow - 1' group
Remove the user from the 'ServiceNow - 2' group
Remove the user from the 'ServiceNow - 3' group
This is currently applied over the correct OU, but I would like for the script to pick up all items that begin with "ServiceNow - " instead of naming each individual group. We are constantly adding groups to ServiceNow and I don't want a new group to be missed.
All ServiceNow groups live in the same OU:
Canonical-Name = DomainName/Security Groups/ServiceNow Security Groups
Distinguished Name = OU=ServiceNow Security Groups,OU=Security Groups,DC=Domain,DC=Name,DC=org
Any help would be greatly appreciated!