[midPoint] Active Directory Administrative Status

Florin. Stingaciu fstingaciu at mirantis.com
Wed Sep 14 21:38:34 CEST 2016


Hello,

We are syncing all of our users from an Active Directory instance. When a
user is disabled two things happen:

1. The Dn of the user changes from cn=username,ou=people to
cn=username,ou=disabled_accounts

2. The userAccountControl changes from 512 to 514 indicating the user is
disabled

I use an import user accounts task daily to ensure any people who left the
company are disabled, however I just noticed that for some users when they
get disabled in active directory, midPoint won't disabled them even though
they both have the userAccountControl entry set to 514 making me think that
midPoint uses a different attribute to test the Account Status on the AD
resource.

Here's my activation setting:

         <activation>
            <administrativeStatus>
               <inbound/>
            </administrativeStatus>
         </activation>

Any help would be greatly appreciated.

Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/5d5d5d99/attachment.htm>


More information about the midPoint mailing list