Occasionally when auditors come by I like to disable all user accounts in AX which have been disabled in Active Directory. Even though AD will not let them login auditors have a hard time understanding it, so I disable the users. Many times we do not get notification that someone has left the company, or sometimes it does not reach the right people in charge of AX security. So I made the job below which disables users in AX because they are disabled in Active Directory. The job takes a little while to run.
static void disableUsersMissingInAD(Args _args)
{
UserInfo userInfoUpdate;
xAxaptaUserManager xAxaptaUserManager;
xAxaptaUserDetails xAxaptaUserDetails;
#Guest
xAxaptaUserManager = new xAxaptaUserManager();
Global::startLengthyOperation();
ttsbegin;
while select forUpdate userInfoUpdate
order by networkAlias
where userInfoUpdate.Id != #GuestUser
&& userInfoUpdate.enable == 1
{
// Get the single user's details from the kernel class
xAxaptaUserDetails = xAxaptaUserManager.getDomainUser(userInfoUpdate.NetworkDomain, userInfoUpdate.NetworkAlias);
// Only show users who are enabled in Active Directory
if (xAxaptaUserDetails == null || xAxaptaUserDetails.getUserCount() == 0 || !xAxaptaUserDetails.isUserEnabled(0))
{
userInfoUpdate.enable = 0;
userInfoUpdate.update();
}
}
ttscommit;
Global::endLengthyOperation();
}
Leave A Comment