- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
How can I compare AD users to SAS metadata users to highlight disabled accounts. Is there any tools available?
Any suggestions.
Thanks,
Vamsi
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi Vamsi,
Do you mean user accounts that have been marked as disabled in Active Directory? If so and you are using code derived from the SAS importad.sas sample, using the standard SAS %MDUEXTR and %MDUCMP macros, then you can also extract the AD userAccountControl attribute and check for the appropriate bit - see https://support.microsoft.com/en-au/help/305144/how-to-use-the-useraccountcontrol-flags-to-manipulat...
Additionally, our Metacoda Identity Sync Plug-in, from version 6.0 R4 onward, also provides an option to treat user accounts that have been disabled in AD as tag-deleted so that they are tagged and effectively disabled in SAS metadata:
I hope this helps.
Cheers
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi Vamsi,
Do you mean user accounts that have been marked as disabled in Active Directory? If so and you are using code derived from the SAS importad.sas sample, using the standard SAS %MDUEXTR and %MDUCMP macros, then you can also extract the AD userAccountControl attribute and check for the appropriate bit - see https://support.microsoft.com/en-au/help/305144/how-to-use-the-useraccountcontrol-flags-to-manipulat...
Additionally, our Metacoda Identity Sync Plug-in, from version 6.0 R4 onward, also provides an option to treat user accounts that have been disabled in AD as tag-deleted so that they are tagged and effectively disabled in SAS metadata:
I hope this helps.
Cheers
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @PaulHomes. I'm Importing the AD directory users using Importad.sas sample. But I want to import only SAS users. We have a "SAS_Users" AD group which has nested SAS groups how can I import users from "SAS_Users" group?
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Using the Metacoda Identity Sync plug-in you would just configure it to target the SAS_Users AD group and then it would follow the members of that group, both users and and further nested groups and their members.
To do this with the importad.sas code you would need to customize it so that, instead of getting all users and groups under the specified OUs, you query the single SAS_Users AD group to find its members (as a lookup table) and then fetch the details for just those member users (and possibly member groups if you need nested groups too).
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hello @vkrishna,
I love the tool that @PaulHomes mentioned, I think it reduces maintenance costs (not everyone is capable of maintaining the importad sync script, and less if there are customisation), also with that tool you can hand over the user sync and comparisons to the relavant IT team, whom understand better how AD works.
However, if you would like to continue working with the script:
I think, since the input for the script is an OU or a set of OUs, your best choice is to include that group within the a single Organisational Unit (OU) in the AD, and only that group. The script should be able to take that group and all the groups and users within that group.