Disable OID User account after 90 days of inactivity - OIM

Hello there,
I have a requirement where I have to disable a user's account if he/she has not logged in to our environment (OID) in the last 90 days. The users are authenticated via OAM when they log in. Does anybody have any idea which attribute in which object class in OID needs to be checked for the last login attempt made by the user, and what its datatype is? Is it a date that I can compare after making an initial LDAP context to OID and pointing to each single user?
Really need a solution for this. Please respond.
Many Thanks,
- oidm.

Check the schema description at:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25348/schema.htm#CFHCGFCC
You create code that runs daily, checks the last login dates and, if one is older than 90 days, disables the OID user.
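The daily check described in the reply above, as an added example that is not part of the original thread and is not Oracle code: it parses LDAP GeneralizedTime values, selects enabled accounts idle for more than 90 days, and writes the LDIF that disables them. The attribute name `orclLastLoginTime`, the value `DISABLED` for `orclIsEnabled`, the `createTimestamp` fallback for never-used accounts and the sample entries are assumptions to confirm against your own OID schema.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

# Assumed OID attribute names and value; verify them in your schema first.
LAST_LOGIN_ATTR = "orclLastLoginTime"
ENABLED_ATTR = "orclIsEnabled"
DISABLED_VALUE = "DISABLED"
MAX_IDLE = timedelta(days=90)

# GeneralizedTime with full seconds, optional fraction, and Z or +hh[mm] zone.
_GT = re.compile(r"^(\d{14})(?:[.,]\d+)?(Z|[+-]\d{2}(?:\d{2})?)$")

def parse_generalized_time(value):
    """Convert e.g. '20240215080000Z' to a timezone-aware datetime."""
    m = _GT.match(value.strip())
    if not m:
        raise ValueError(f"not a GeneralizedTime value: {value!r}")
    stamp, zone = m.groups()
    offset = timedelta(0)
    if zone != "Z":
        minutes = int(zone[1:3]) * 60 + int(zone[3:5] or 0)
        offset = timedelta(minutes=-minutes if zone[0] == "-" else minutes)
    parsed = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone(offset))

def _first(attrs, name):
    # LDAP attribute names are case-insensitive; servers may change the case.
    for key, values in attrs.items():
        if key.lower() == name.lower() and values:
            return values[0]
    return None

def find_stale(entries, now):
    """Return (DNs to disable, DNs whose dates need manual review)."""
    stale, review = [], []
    for dn, attrs in entries:
        if (_first(attrs, ENABLED_ATTR) or "").upper() == DISABLED_VALUE:
            continue  # already disabled, nothing to do
        # Accounts that never logged in are aged from their creation time.
        raw = _first(attrs, LAST_LOGIN_ATTR) or _first(attrs, "createTimestamp")
        try:
            last_seen = parse_generalized_time(raw or "")
        except ValueError:
            review.append(dn)  # never disable on a missing or unparsable date
            continue
        if now - last_seen > MAX_IDLE:
            stale.append(dn)
    return stale, review

def to_ldif(dns):
    """Build LDIF modify records that set the status attribute to disabled."""
    records = []
    for dn in dns:
        if re.fullmatch(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*", dn):
            dn_line = f"dn: {dn}"
        else:  # non-ASCII or unsafe first character: base64 per LDIF rules
            dn_line = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode()
        records.append("\n".join([dn_line, "changetype: modify",
                                  f"replace: {ENABLED_ATTR}",
                                  f"{ENABLED_ATTR}: {DISABLED_VALUE}", "-"]))
    return "\n\n".join(records) + "\n"

BASE = "cn=Users,dc=example,dc=com"
SAMPLE = [  # constructed entries, not real directory data
    (f"cn=alice,{BASE}", {"orcllastlogintime": ["20240520101500Z"]}),
    (f"cn=bob,{BASE}", {"orclLastLoginTime": ["20240215080000Z"]}),
    (f"cn=carol,{BASE}", {"createTimestamp": ["20230101000000Z"]}),
    (f"cn=dave,{BASE}", {"orclLastLoginTime": ["20231201000000Z"],
                         "orclIsEnabled": ["DISABLED"]}),
    (f"cn=erin,{BASE}", {"orclLastLoginTime": ["last tuesday"]}),
    (f"cn=frank,{BASE}", {"orclLastLoginTime": ["20240303053000+0530"]}),
]

if __name__ == "__main__":
    stale, review = find_stale(SAMPLE, datetime(2024, 6, 1, tzinfo=timezone.utc))
    print(to_ldif(stale), end="")
    print("# needs manual review:", review)
```

In a real job the entries would come from an LDAP search over the user container, and the LDIF would be reviewed before being applied with the directory's own modify tool.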

Similar Messages

  • Disable OID user account

    I am new to OID, but very familiar with Novell eDirectory and Microsoft Active Directory.
    Both Novell eDirectory and Microsoft Active Directory have the ability to disable login accounts so they can not be used for login (ie say when a user leaves your company).
    I have been unable to find in OID how to disable a user account, could someone point me to that please?
    B

    There is an attribute called "orclisenabled" and you can disable a user by setting this attribute to "Disabled".

  • Automatically disable user accounts after specific number days Oracle Apps

    Hi All,
    Is there a way, using group policy or any other method, to automatically disable a user account if it hasn't been used (i.e., no one has logged on using that account) after a certain number of days?
    This is something I would like to apply enterprise wide, so setting expiry dates on each user's object is out, and obviously I only want to apply this to inactive accounts.
    Thanks in advance
    Saquib

    Saquib,
    There is no such profile option. However, you can write code to check LAST_LOGON_DATE in the FND_USER table and, based on this, disable/lock the account.

  • Disabling user account after 24hrs

    Hi all.
    We have a requirement to disable new user accounts if they are not logged into within 24hrs of creation, I suspect this can be done with some Powershell however I can't really think how.... Any ideas?
    Cheers :)

    Hi there,
    This should get you started.
    $when = (get-date) - (new-timespan -days 5)
    Get-ADUser -properties created,lastlogondate -filter { created -gt $when } | ? { $_.lastlogondate -eq $null }
    It's not a perfect answer to your question but it should get you in the right direction.

  • Unable to log in to user account after installing windows 7 using Bootcamp

    Hi everyone,
    I need help. I have been at it for days, I have googled every which way but I am not able to fix this. Basically my problem is that I am unable to log in to my user account after I used Bootcamp to install windows 7. I will explain what I did up until I couldn't log in.
    I backed up my user account using Time Machine (I was logged in as the user). The account had FileVault activated and I neglected to disable FileVault before the backup. I just didn't think to, it did not even occur to me! Then I partitioned Macintosh HD, I was doing this with my step son and he thought we were supposed to partition the hard drive first before running Bootcamp! After that was done, I couldn't run Bootcamp because obviously we had wiped the HD clean! Anyway, I reinstalled OS X using the internet, after which I ran Bootcamp and successfully installed windows 7. Then I went on to restore my account using Time Machine, only when I try to log in I get the error message "you are unable to log in to the user account at this time". I tried every possible solution I could find on here, including creating a new admin account, deleting the old account but saving the user folder and then routing the new account to the old user folder. Still nothing. I have tried logging in as a root user, reset the master password and deleted FileVault files from Library/keychain in the hope I would access the user account, but to no avail. What's more is that I can't even see the sparse bundle or sparse image files that people keep referring to. I can't even find it on the Time Machine backup! I then thought I would cut my losses and try system recovery using Stellar Phoenix Mac Data Recovery (cost me £81) but it did not recover any of my photos, music, videos or documents.
    I honestly can't come to terms with the fact that I am unable to log in to an account with 3 years' worth of pictures and documents. I am having a hard time letting go. Is there any way possible to crack this?
    Thank you in advance.
    By the way, I am running Mountain Lion OS X 10.8.4 on a MacBook mid 2010.

    I have this exact problem. Installed Bootcamp on a networked iMac running Mountain Lion and can no longer log in to my Mac user account. Would love if any of the pro users on here can shed a bit of light.

  • My computer keeps going to user account after one minute of idling. How can I change that?

    My computer keeps going back to user account after one minute of idling.  The only thing I know I did was to change the time on window themes.  Now how do I stop the user account page from taking me from the page I am currently reading?  It does this after every 60 sec. of no activity.

    Hello again loveroflight,
    I am still not understanding apparently what your issue is. So I think it would be best if you contact HP Technical Support for repair options. They will be able to log onto your system and actually see what it is you are having an issue with and provide you with a resolution.
    I would like to thank you for posting on the HP Forums. Have a great day!
    Please click the "Thumbs Up" on the bottom right of this post to say thank you if you appreciate the support I provide!
    Also be sure to mark my post as "Accept as Solution" if you feel my post solved your issue, it will help others who face the same challenge find the same solution.
    Dunidar
    I work on behalf of HP
    Find out a bit more about me by checking out my profile!
    "Customers don’t expect you to be perfect. They do expect you to fix things when they go wrong." ~ Donald Porter

  • How do i merge my user accounts after migration assistant

    Hello,
    How do I merge my user accounts after migration assistant from a time machine back up?

    I wonder how to plan what account and rights to have where?
    I had my old original account on my iMac, and then I "migrated" the data to a user account, in order to have some advantages with that setup. So everything worked approximately ok in this setup.
    And yesterday, I tried migrating to a new Mac, and suddenly I get aware of the fact that the rights on these two earlier accounts were important.
    And especially, after doing the migration to the new machine twice, until I got the Mail working, I am now totally bewildered what solution to aim for? How to merge the two migrated admin accounts - keeping the original admin account is also important, since my file system has special rights for that one.
    Could anyone give me more ideas about how to proceed? I think I have working Mail on one of the two migrated account (with 100 000 mails or so, it seems so...). The other account is the one I would like to have.
    Also I think I want to use a normal user account, not an admin account for my daily use. And I have to see if things still work if I turn off the admin rights...
    Thankful for any advice!
    /groundliner

  • How to disable a user account and issue CoA via REST? (ACS 5.4)

    Like the subject line says, I need to disable user accounts via REST, as well as issue CoA doing the same. Is this even possible? I've been trying for a few days now and I can do GET queries on user accounts, but I can't get anything to work using PUT.

    According to this document it should be possible to use the PUT method.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/sdk/rest.html
    Could you please tell us how are you using the PUT method? I could try to replicate it in my lab.
    Best regards

  • Help disabling expired user accounts in AD

    I'm looking for a bit of help here... I'm trying to create a VB script that looks for all user accounts that have expired before today and disables them. After a LOT of scrounging the interwebs I've been able to scrape together the below VB script that lists all the expired user accounts that are still active, so now I'm trying to have it take the found accounts and disable them.
    Option Explicit
    Dim dtmAdjusted, lngSeconds, str64Bit
    Dim objShell, lngBiasKey, lngBias, k
    Dim objRootDSE, strDNSDomain, objConnection, objRecordset, objUser
    Dim strBase, strFilter, strAttributes, strQuery, strDN, strAttributes1, strAttributes2, strAttributes3
    ' Obtain local Time Zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
    If UCase(TypeName(lngBiasKey)) = "LONG" Then
        lngBias = lngBiasKey
    ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If
    ' Convert current date/time value to UTC.
    dtmAdjusted = DateAdd("n", lngBias, Now)
    ' Find number of seconds since 1/1/1601.
    lngSeconds = DateDiff("s", #1/1/1601#, dtmAdjusted)
    ' Convert the number of seconds to a string
    ' and convert to 100-nanosecond intervals.
    str64Bit = CStr(lngSeconds) & "0000000"
    ' Determine DNS domain name.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    ' Use ADO to search Active Directory.
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objRecordset = CreateObject("ADODB.Recordset")
    objRecordset.ActiveConnection = objConnection
    ' Search entire domain.
    strBase = "<LDAP://dc=globalgiving,dc=local>"
    ' Filter on expired user accounts.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
    & "(accountExpires<=" & str64Bit & ")(!accountExpires=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    ' Retrieve Distinguished Names.
    strAttributes = "sAMAccountName"
    ' Use ADO to query AD.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objRecordset.Source = strQuery
    objRecordset.Open
    ' Enumerate expired user accounts.
    Do Until objRecordSet.EOF
        strDN = objRecordSet.Fields("sAMAccountName")
        Wscript.Echo strDN
        objRecordSet.MoveNext
    Loop
    ' Clean up.
    objRecordset.Close
    objConnection.Close
    Set objRootDSE = Nothing
    Set objConnection = Nothing
    Set objRecordSet = Nothing
    I tried adding: 
    strDN.AccountDisabled = True
    strDN.SetInfo
    but I get :
    (66, 1) Microsoft VBScript runtime error: Object required: 'jtest'
    jtest is one of the test accounts I have on my AD.
    Any suggestions or pointers anyone can give me? I found a 4 line power script that does exactly what I want, but power script isn't an option for me :(

    Start with this:
    ' Change this:
    ' Retrieve the ADsPath of each user object.
    strAttributes = "aDSPath,sAMAccountName"
    ' Declare the object variable (the script uses Option Explicit).
    Dim account
    ' Enumerate expired user accounts and disable each one.
    Do Until objRecordSet.EOF
        ' Bind to the user object by its ADsPath.
        Set account = GetObject(objRecordSet.Fields("aDSPath").Value)
        Wscript.Echo account.SamAccountName
        account.AccountDisabled = True
        account.SetInfo
        objRecordSet.MoveNext
    Loop
    ¯\_(ツ)_/¯

  • I'm having a problem with logging into a FileVault-protected user account after restoring from Time Machine backup.

    Hi all,
    My computer had been running really slowly for a while, so I decided to erase the whole hard drive and reinstall the operating system, and then I was going to restore the files I cared about from Time Machine. The main account, which had all my documents and photos, was FileVault-protected. The last thing I did before erasing the hard drive was to run one last Time Machine backup. As far as I remember, I always ran Time Machine backups with the FileVaulted user logged in.
    I don't remember whether I was using FileVault 1 or 2. I had been using FileVault 1, but I installed Lion as soon as it came out and I thought I had migrated to FileVault 2 at that point.
    Once I erased the hard drive and reinstalled the operating system, I browsed the Time Machine disk and, within the Users folder, there was no folder for the main user account. When I tried to reinstall everything by restoring from Time Machine backup, I'd get the option for all the user accounts, but when I tried to log in with the main one I'd get the dreaded "You are unable to log in to the FileVault user account "User" at this time. Log in failed because an error occurred." Finally, when attempting to restore from the Time Machine backup again, I noticed something strange: After the computer got to about 10% done restoring, it declared itself completed successfully and rebooted.
    I've tried a number of tips that came up from questions about similar issues on the Apple support forum, but had no luck. Is there any way to get these files back? Did they ever even get backed up?
    Thanks.

    Hroodbwai wrote:
    I can't find it! not sure what's going on but the only folder shown is the " Shared" folder.
    Did you have only the one user account? If there were others, they should also be in the "Users" folder. You probably won't have access to the files inside them, but they should be there.
    From what can make out, it looks like it's not backed up any of the files for the filevault account. Can't see user folder when looking through previous backups in Time Machine galaxy view.
    Are you doing that from a Finder window set to your internal HD, or your computer name? It should look something like this (with the Finder in List view):
    I'd been logging out and backing up manually on a regular basis.
    Scheduled backups should run normally; but they won't back up the File Vault sparse bundle, nor will any run manually.
    The only time it's backed-up is when you actually log out.
    You should have seen this window on logout:
    followed by this one:
    If you didn't see the second one, or cancelled it, the account wasn't backed-up.

  • Merging user accounts after using Migration Assistant

    I've just acquired my first Mac (Lion OS) and set it up without using the Migration Assistant.  I set up mail accounts for my existing email addresses (Gmail & Virgin).  A few days later I decided to transfer my old files from the PC using Migration Assistant.  Rather than do the whole thing in one go I thought I'd start with iTunes.  What I failed to realise is that the Migration creates a new user account on the Mac (something I only noticed when I couldn't find iTunes and went searching).  If I now migrate something else such as "My Photographs", another user account will appear.
    I don't really want more than one user account so how do I transfer the iTunes music from one account to another and the same when I bring more stuff across from the PC?  A related issue is the fact I've set up mail accounts already.  If I migrate my Outlook mail folders and email account details can these also be merged or will the Mac be confused as I've already set something up?
    Any help appreciated from this newbie Mac user.  Thanks.

    Have a read here Transferring files from one User Account to another
    Stefan

  • Separate user accounts after already used 2 ipod nanos in admin account

    My daughter purchased a nano a month ago and we downloaded the software. (Note: The kids already had their own user accounts before I downloaded the software.) When she set up her music in the library and plugged her ipod in she was in my admin account. This week my son purchased his own nano and I couldn't figure out how to get them separate libraries, so we had them do separate playlist, but that was kind of a pain. I checked the discussions and found out that if they had separate user accounts they could have separate libraries. I asked someone about how to be able to set up separate iTunes libraries for each person and they said to open iTunes in their accounts and make sure that their libraries are directed to different files (i.e., each of their names) which they were. After they downloaded all their music they wanted in their separate libraries, they plugged their ipod into the USB, but it didn't recognize it. The ipod category in the source file does not show up and the ipod button that usually shows up in the bottom right hand corner doesn't even show up. Can anyone tell me what I need to do to get the ipods to recognize their new accounts in the separate user accounts?

    Easiest is prob to restart the PC and log on as one kid, update one iPod.
    Then totally log off that account and log on as the other kid, update other iPod.
    There is a program, iTunesHelper.exe that runs in the background. It has to be running under the userID trying to update the iPod.
    You can see what I mean if you go to Task Manager
    (ctl-alt-del in case you don't know)
    Click on the Process tab
    Click on the imageName column to sort alphabetically
    Make sure to check show processes from all users.
    If iTunesHelper.exe is running under Kid1 account, then Kid2 account cannot update iPod.
    It all goes back to iTunes not supporting fast user switching....prob more than you wanted to know!
    Fast user switching in Windows XP is not supported

  • Two user accounts after Migration from old Mac

    Yesterday I bought a new iMac with OSX Lion. I used the Setup assistant to move my data from my old iMac (Leopard) using Firewire target disk mode.
    When that was finished, I was surprised not to see any of my old stuff on my new Mac, so I started copying some stuff manually. It was only later that my penny dropped (Lion noobie here) and I realised I now have two user accounts: my new "Lion" account, and another one which - tada - does contain all my old stuff. Both appear to be admin accounts.
    Since I already manually copied all the stuff I wanted to keep to my new account, can I safely delete the old account? How do I do this, and what happens with the old stuff? I read something about the home folder of the deleted user being moved somewhere. Where would that be?
    Thanks!

    It is easy to delete an account but you wisely used the word "safely".  When I migrated to Lion I did an "in place" upgrade and no new administrative accounts were created.   Lion will create a guest account but that can be easily disabled in the Users and Groups preference pane.  Did you do an in place or a clean install of Lion?  
    First, before you delete anything be absolutely sure that the account you want to keep has everything you need.  I suggest you work with it at least a week before making that judgement.  There is no hurry if you have the space to keep two accounts.  I have a spare administrative account just in case I need it for troubleshooting.  Be sure you backed up your boot drive with a versioned (like Time Machine) and a cloned backup to an external drive.  
    Go to System Preferences and choose the Users and Groups preference pane.  There you will find your accounts and their designations (i.e. administrator, guest, standard).   If you are completely satisfied that the admin account you backed up is all you need then you can click on the lock at the bottom left of that pane, enter your administrative password, choose the account you want to delete and click the minus button.  Once you have done this, it is gone.  All of the settings and data you had will be gone unless they were duplicated in another account.  Your applications should remain.  
    That said, there is nothing wrong with having two administrator accounts.  Some very security minded people suggest that you should not operate from your admin account because it allows access to deep levels in your computer.  
    Jay

  • How to best restore lost User Accounts after server crash?

    Our late 2005 G5 froze sometime overnight in the middle of a Time Machine backup.  We had to do a hard reboot the next morning.
    When OS X Server 10.5.8 came back up, none of our users could log in including our administrator accounts.  Unable to log in as root, we used the utility on the installation disc to reset the root password.  We were able to log in as root to see that our data and server disks still were intact and navigable.  However, we could not see any user accounts defined.  We then were able to log in as Server Administrator.  Same thing.
    We are unfamiliar with restoring anything from Time Machine backups other than user files.  Is there a way to restore user accounts from Time Machine and how? 
    More info: we tried restoring some system files and the library folder but no luck.  Not sure how to go about restoring Keychain if that got corrupted...We had about 10 accounts defined before the crash. 
    Carl

    I believe the easiest approach would be:
    - Install the same OS on the new servers
    - Install OS pre-req software and packages for your EBS instance
    - Restore from cold backup (if the crash happened directly after this backup and you haven't lost any data)
    OR,
    - Restore from hot backup (if the crash happened after your cold backup and you have data that wasn't part of the cold backup)
    I assume that no changes to the hostname, domainname, IP Address, port numbers, directory structure, ..etc is taking place in this restore.
    Thanks,
    Hussein

  • How to temporarily lock or disable a user account

    Hi, I need help on the easiest way to do the following:
    I want to temporarily disable one of the user accounts on my Mac so it cannot be used.
    I do not want to delete the account, just block it.
    Thanks

    Aha! Now that's the kind of info I was looking for.
    To hide the user with short user name "jim" from the login window, first log in to an admin account, launch Terminal, and paste in these two lines:
    sudo defaults write /Library/Preferences/com.apple.loginwindow \
    HiddenUsersList -array-add jim
    To unhide the account, enter this:
    sudo defaults delete /Library/Preferences/com.apple.loginwindow \
    HiddenUsersList
