Compliance Accelerator and AD Integration
All -
When our users leave the company, we put the users in AD into a "Disabled OU" and delete account after 30 days of being in "Disabled OU". Unfortunately when the AD synchronization occurs from CA, the "End Date" does not get populated nor does the user become "Inactive".
When I goto "Configuration/Directory Mapping", End Date is not mapping to any attribute in AD.
Can someone advise on what the "End Date" mapping has to be to AD from CA? Is this "Expiration date" in AD? We do not use any "End Date" in AD as we just "Disable" the user and delete in 30 days.
Thanks for any advise.
Upanesh
The EndDate is populated by CA when the user is removed from a Department. That occurs automatically, so don't be concerned about synchronizing it with AD.
As for the Monitored Employee still attempting to synchronize with AD, CA 8 and above has a configurable setting to automatically stop the synchronization attempts after 30 days by default. This configuration setting is in place so that any temporary issues with AD access are not cause for unintended synchronization removal. Once the synchronization option is unchecked, CA won't ever try to synchronize the account again unless someone goes in and enabled the synchronization again.
Ken