
How to remove user from a particular AD-Group in AD from IDM

Ckumar
Contributor
0 Kudos

Hi all,

I am using SAP IDM 7.2.

Could you please help me by explaining, step by step, how to remove a user from a particular AD group in AD from IDM?

I have two scenarios.

  • If a user doesn't have some particular group privileges, then I have to remove that user from the corresponding group in AD.

  • If user does not exist in IDM, then remove the user from all the AD groups.

      

We are getting the groups and the corresponding users of those groups and storing them in a temporary table in the IDM database. We are even able to check whether the user exists in IDM or not, and we are also able to check whether the user has the respective group privilege or not.

Our main aim is to remove the user from the AD group from IDM without using a TO LDAP pass from IDM. If there is a way, please share it with me; if not, please let us know how we can do this with a TO LDAP pass.

Thanks in Advance,

Regards,

C Kumar

Accepted Solutions (1)


former_member2987
Active Contributor
0 Kudos

I would definitely go with the ToLDAP pass.  It's easy to do and does not require any scripting.  I believe if you look in the SAP Provisioning framework you'll see an example.

Regards,

Matt

Ckumar
Contributor
0 Kudos

Hi Matt,

Finally, I implemented the ToLDAP pass.

Answers (1)


peterwass
Explorer
0 Kudos

PowerShell (or VBScript if you want to be old school).

You can trigger a PowerShell script which will remove the offending user(s) easily enough without resorting to a TOLDAP pass.  Nearly any script-type thing would work, but PowerShell is preferred.  It can be triggered separately from the TO AD stuff and will take multiple objects to run in one pass if you can construct the command line (or create a text file and feed it in).

Otherwise, TOLDAP is the way to write to AD...

Peter
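
A sketch of the text-file-driven PowerShell approach described in this answer, covering both scenarios from the question. It is an added example, not code from any poster in this thread or from SAP. It assumes the RSAT ActiveDirectory module, a single domain, and a hypothetical CSV exported from the IDM temporary table with the header `Group,User`, where a `Group` value of `*` is a made-up convention meaning "user no longer exists in IDM, remove from all groups".

```powershell
# Added example. File names, CSV columns and the '*' convention are assumptions.
# Dry run first:  .\Remove-IdmGroupMembers.ps1 -CsvPath .\removals.csv -WhatIf
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$CsvPath,          # hypothetical IDM export
    [string]$LogPath = '.\ad-group-removals-log.csv' # hypothetical audit log
)
Import-Module ActiveDirectory -ErrorAction Stop

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'Removed'; $targets = @()
    try {
        # memberOf holds direct memberships only and never the primary group
        # (usually Domain Users), which cannot be removed this way anyway.
        $user = Get-ADUser -Identity $row.User -Properties MemberOf -ErrorAction Stop
        if ($row.Group -eq '*') {
            $targets = @($user.MemberOf)             # scenario 2: all groups
        } else {
            $group = Get-ADGroup -Identity $row.Group -ErrorAction Stop
            if ($user.MemberOf -contains $group.DistinguishedName) {
                $targets = @($group.DistinguishedName)   # scenario 1: one group
            }
        }
        if ($targets.Count -eq 0) { $status = 'NothingToRemove' }
        foreach ($dn in $targets) {
            if ($PSCmdlet.ShouldProcess($dn, "Remove member $($user.SamAccountName)")) {
                # -Confirm:$false because the cmdlet prompts by default.
                Remove-ADGroupMember -Identity $dn -Members $user -Confirm:$false -ErrorAction Stop
            } else {
                $status = 'SkippedByWhatIf'
            }
        }
    } catch {
        # Unknown user/group or access denied: record it and continue.
        $status = "Error: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Time      = (Get-Date).ToString('s')
        User      = $row.User
        Requested = $row.Group
        GroupDNs  = ($targets -join ';')
        Status    = $status
    }
}
# Append every decision to the audit log and surface failures to the caller.
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Where-Object Status -like 'Error*' |
    ForEach-Object { Write-Warning "$($_.User) / $($_.Requested): $($_.Status)" }
```

Run it under a service account delegated only the right to modify membership on the groups IDM manages, and keep the log with the IDM job output so each removal can be traced back to the export row that caused it.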