Orchestration for disabling user account

    Consider a scenario in which the IT admin needs to disable user accounts. Disabling user accounts is not a stand-alone task. It is often followed up by tasks like disabling of mailboxes, moving the user account to a different group, removing user from their existing groups, notify the disabled user and raise a request in ITSM tools to revoke access permissions linked to the user account. To summarize, an IT admin must toggle between different applications to perform the following tasks,

    • Tasks to be performed in AD:
      • Move user accounts to a different OU
      • Remove user from existing groups
    • Tasks to be performed in Microsoft Exchange:
      • Disable user mailbox
    • Tasks to be performed in the ITSM tool:
      • Raise a request to revoke the access permissions of the user account that has been disabled.
    • Stakeholders to be notified:
      • Email or SMS notification sent to the IT admin, team manager and the user about the disabled user account.

    With ADManager Plus' Orchestration template, all of this can be done from a single console as a seamless process in four steps:

    1. Create a new Orchestration template to configure the sequence of actions that need to be executed when a user account is disabled

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Configuration → Orchestration → Orchestration Template.
    3. Then click on the Create New Template button.
    4. Enter a suitable Name and Description for the template.
      • To create your own custom Orchestration template you can drag and drop the required blocks among the following to create your template, AD Actions
        • Move users to container - To move users to a specified container.
      • Exchange Actions
        • Disable Mailbox - To disable the mailbox associated with a user account.
      • Cloud Actions
        • Delete Microsoft 365 Account - To delete the associated Microsoft 365 accounts.
      • Custom Actions
        • Webhook - Select the webhook template with the ITSM tools' API(If supported) configured, that raises a request to revoke the permissions of the user.
          To create a new webhook template, follow these steps.
        • Notification template - Select the desired notification template.
          To create a new notification template, follow these steps.
    5. Click Save once the template has been created. In case you wish to undo all the changes done to the template, click the Clear Workflow button to start afresh.

    2. Create a new Webhook template to raise a request in the ITSM tool for user disabling

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Configuration → Orchestration → Orchestration Template.
    3. Click on Configure Webhook.
    4. In the URL field, enter the API call.
      Note: The following information can be obtained from the API document of the applications you wish to provision user accounts in.
    5. In the Method field, select one of the following HTTP methods,
      • Get - To read
      • Put - To update or replace
      • Post - To create
      • Delete - To delete
    6. In the Headers field, you can add the required API headers and map them to the suitable header values.
    7. Likewise, in the Parameters field, you can add the suitable API parameters and map them to their parameter values.
    8. Select the suitable Message Type option and click Save.
      Note: You can use the listed Macros for configuring headers and parameters. To use Macros in the URL and Message Type fields, enter them manually.

    3. Create a new Event-driven Automation to configure the conditions under which the Orchestration Template will be executed:

    Before you begin, ensure that the mail server settings are configured properly. You can learn more about it here.

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Configuration →Orchestration → Event-driven Automation.
    3. Click the Create New Automation button on the top-right corner of the page.
    4. Enter a suitable Name and Description for the profile.
    5. In the Criteria section, add the conditions under which the template needs to be executed.
    6. In the Event-driven Automation, add the Orchestration Template created in Step 1 from the list.
    7. Click Save.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding