Don't allow the sync process to re-enable a manually disabled user

support_connecttoad · May 10, 2023, 6:16pm

Our HR team informs us that an employee will be terminated later in the week. They will rermain active until Friday.

IT is asked to manually disable their AD account even though the employee will remain Active in UKG for the remainder of the week. They will be set to Terminated on Friday.

We go ahead and manually disable the user in AD, but the next time the sync process runs, it re-enables the AD user account because the employee is still Active in UKG.

Is there a way for us to setup Connect to AD to not re-enable a manually disabled user?

support_connecttoad · May 27, 2023, 12:30pm

If the disabled user is moved to a specific OU, then we can create a conditional expression that first checks if they are in that OU before taking any action.

See below for an example…

WHEN
User.Container == “OU=Terminated Users”
THEN
Ignore

WHEN
Employment.EmployeeStatusCode == “T”
THEN
false

WHEN
Default
THEN
true