Hi,
It's easy to find a PowerShell script to disable an AD account that has been inactive for a given period of time.
However, just trying to figure out how this would work with a typical FIM deployment, where HR is authoritative for user data which is provisioned to AD via FIM. If we were to implement a daily "look for inactive users and disable them and move them to disabled OU" AD PowerShell script, we effectively would make AD authoritative for these values - DN & userAccountControl?
At the moment DN is determined by "location" values in HR, and userAccountControl by employeeStatus values in HR.
With equal precedence being deprecated, just wondering if anyone has had a similar scenario, and how you have dealt with it?
Thank you,
sk