Inactive AD Users Disable/Enable
Purpose
This solution stores information about the inactive AD users and performs actions to disable or enable them using automation.
Associated Content
| Content | Type | Function |
|---|---|---|
| Audit - Inactive AD Users - X Days | Script | This script detects the inactive users over X days (configurable via the system property Inactive_AD_Users_Threshold_Days; default: 90 days) and records the data into the Table - pvl_ad_inactive_users. The data is then displayed in the Dataview - Inactive AD Users Audit. |
| Disable - Inactive AD Users - X Days | Script | This script detects the inactive users over Inactive_AD_Users_Threshold_Days days and disables them. |
| Enable - Inactive Disabled AD Users - X Days | Script | This script enables the inactive users that are not logged in for over Inactive_AD_Users_Threshold_Days days. |
| Audit Inactive AD Users | Internal Monitor | This internal monitor detect the online AD Infrastructure Master Server where the client EDF Audit Inactive AD Users is enabled for Auditing and runs the script Audit - Inactive AD Users - X Days. |
| Disable Inactive AD Users | Internal Monitor | This internal monitor detects the online AD Infrastructure Master Server where the Table - pvl_ad_inactive_users has an enabled users list over threshold and are not excluded. |
| Enable Inactive Disabled AD Users | Internal Monitor | This internal monitor detects the online AD Infrastructure Master servers where the client-EDF Enable Inactive Disabled AD Users is enabled. It only targets servers that have a disabled users list in Table - pvl_ad_inactive_users and enables those accounts. |
| pvl_ad_inactive_users | Custom Table | This table stores the data of the inactive users above the threshold. It also collects information about the inactive users that were enabled or disabled using scripts Enable - Inactive Disabled AD Users - X Days and Disable - AD Inactive Users - X Days respectively. |
| Inactive AD Users Audit | Dataview | This dataview displays the audit data that was stored in the Table - pvl_ad_inactive_users . |
△ Custom - Execute Script - Audit Inactive AD Users | Alert Template | This alert template calls the Script - Audit - Inactive AD Users - X Days to audit the inactive account above X days detected by the internal monitor Audit Inactive AD Users |
△ Custom - Execute Script - Disable Inactive AD Users | Alert Template | This alert template calls the Script - Disable - Inactive AD Users - X Days to disable inactive account above X days detected by the internal monitor Disable Inactive AD Users |
△ Custom - Execute Script - Activate Disabled AD Users | Alert Template | This alert template calls the Script - Enable - Inactive Disabled AD Users - X Days to enable the detected accounts via internal monitor Enable Inactive Disabled AD Users |
Implementation
Audit inactive AD account
- Import the script Audit - Inactive AD Users - X Days. It is needed to run this script during import with
SetEnvironment= 1, to create the Table - pvl_ad_inactive_users, import the required EDFs, and import the required system propertiesInactive_AD_Users_Threshold_Days. Refer to the Audit - Inactive AD Users - X Days for a sample run demonstration and also check on how the EDFs are used. - Import the Monitor - Audit Inactive AD Users
- Import the
Alert Template - △ Custom - Execute Script - Audit Inactive AD Users - Import the Dataview - AD Inactive Users Audit
- Reload the System Cache.
- Apply the
Alert Template - △ Custom - Execute Script - Audit Inactive AD Usersto the Monitor - Audit Inactive AD Users and save it. - Run now and reset the monitor.
Disable inactive AD account
- Import the Script - Disable - Inactive AD Users - X Days
- Import the Monitor - Disable Inactive AD Users
- Import the
Alert Template - △ Custom - Execute Script - Disable Inactive AD Users - Reload the System Cache.
- Apply the
Alert Template - △ Custom - Execute Script - Disable Inactive AD Usersto the Monitor - Disable Inactive AD Users - Run now and reset the monitor.
Enable inactive disabled AD account
- Import the Script - Enable - Inactive Disabled AD Users - X Days
- Import the Monitor - Enable Inactive Disabled AD Users
- Import the
Alert Template - △ Custom - Execute Script - Activate Disabled AD Users - Reload the System Cache.
- Apply the
Alert Template - △ Custom - Execute Script - Activate Disabled AD Usersto the internal monitor Monitor - Enable Inactive Disabled AD Users - Run now and reset the monitor.
Changelog
2025-11-11
- Initial version of the document