Is there a way to remove LDAP users from KACE which no longer reside in the OU which is being searched
Originally I had imported users from the entire domain, now I only wish to import users from the active OU, I can easily remove all the current users and import from the OU again but I would like to automate the administrative task of removing users from the KACE system manually when they leave the organisation. Is there some way to crop my user base based on any kind of filter.
Answers (3)
On our k1000 when we changed the LDAP dredge of the OU's the accounts that were in ou's not being looked at any longer broke and could not login even though they still existed in the kbox user list. You may want to recommend a feature addition to clean up the user database. Deleteing the users and reimporting via ldap is not a good idea since it will break the links in the kbox's databases for the users when you delete them and you will need to reset access levels also.
I would echo the need to place labels on users that aren't based on LDAP. Our users don't login to the system, so the LDAP labels never get applied, even if I did set them up. I work at a college, so we will soon have large numbers of users that are no longer in the organisation and the problem will only compound every year that we have graduation.
Might be possible to pull a variable from ldap into the user table that would indicate the expired users and then create a smart label based off of users with that flag. Then set the queue to only allow users who haven't been flagged as expired. This may get around the outright deletion which could muck up the historical data but would need some testing.
