Skip to main content

Posts

Showing posts with the label Active Directory

Comparing AX and Active Directory User Accounts

metod 1 I was recently working with an AX 2009 customer who wanted to compare the user accounts configured in AX with the user accounts in Active Directory. The basic goals were: 1.Find all AX user accounts that no longer exist in Active Directory. 2.Find all accounts that are disabled in Active Directory but not in AX. It would be great if AX would flag these scenarios for you, but unfortunately it doesn't. If you’re interested in knowing if you have any orphaned accounts or accounts that should probably be disabled in AX, here’s a quick way to do just that. 1.Export AD users to a CSV file. I used a PowerShell command for this step. The command I used requires the Active Directory Module for Windows PowerShell. This is installed by default on domain controllers, but it is also available via the Remote Server Administration Tools for Windows 7 if you want to run it from a workstation instead. http://www.microsoft.com/download/en/details.aspx?id=7887 2.Create a table for the AD ...
Read more

Disable users who are not active in Active Directory

Occasionally when auditors come by I like to disable all user accounts in AX which have been disabled in Active Directory. Even though AD will not let them login auditors have a hard time understanding it, so I disable the users. Many times we do not get notification that someone has left the company, or sometimes it does not reach the right people in charge of AX security. So I made the job below which disables users in AX because they are disabled in Active Directory. The job takes a little while to run static void disableUsersMissingInAD(Args _args) {     UserInfo userInfoUpdate;     xAxaptaUserManager xAxaptaUserManager;     xAxaptaUserDetails xAxaptaUserDetails;     #Guest ;     s uper();     xAxaptaUserManager = new xAxaptaUserManager(); Global::startLengthyOperation();     ttsbegin;     while select forUpdate userInf...
Read more