I can see this question was posted several times , but I am wondering if somebody can tell me what is actually right process when user is deleted from AD or when user or when usrers properties get updated.
Here is the scenario:
- All users are synchronized via AD connector to CMDB, and they can be seen in User View in SCSM (configuration item- users)
- User A leaves the company. The our process is to disable usess account and rename it by adding the date when user object was disabled . For example (April 15<sup>th</sup>, 2015)user name
- After the next sync in User View in SCSM I cannot see user object , neither old or with disabled properties.
- The user object is also not in Deleted Items View in the Administration workplace.
- If an analyst wants to create a new ticket , he can by mistake choose disabled user from the picker dialog. It tells that user still exist in CMDB, but not sure why in that case it cannot be seen in User View.
- After one month user object will be deleted and from it will stay in hidden deleted container in OU for 3 months.
- As per one article from Travis , run as account needs to have list object on that folder even I do n see that on any Microsoft document. Or at least I did not find it.
So basically I need to understand if per Microsoft design user object needs to be deleted from CMDB after the user is deleted from AD or not? I think it should not. However, we have many contractors who leaves and comes back.
I think when they come back in the picker dialog it will be listed same user several times in this case which can be a big issue.
I need to know what actually needs to be done by AD connector and what needs to be done manually in SCSM if necessary.
Other recent topics
