Automatically Delete Level 1 Named Users if not active in Active Directory

04-22-2019 03:52 PM
Status: Open
Greg_Mattis

We use Active Directory as our Enterprise Login Provider. When a user is disabled or removed in Active Directory, they aren't removed from the list of users in ArcGIS Enterprise. I understand not removing a Level 2 named user, as they may own items or groups. But since Level 1 Named Users cannot own data or groups, it would be helpful, in order to keep a clean list of users, to either have the system automatically remove them when they no longer appear in the Enterprise Login Provider, or to build into the Python API the ability to query the users that no longer exist in the identity provider.

5 Comments
MatthewStull1

Yes, this would be VERY helpful!!  We are implementing Cityworks and it will be using our Enterprise ArcGIS Online users, which will create a LOT of AGOL user accounts (currently we are at 646 out of 1,000 available and we don't want to go over our 1,000 user limit).  We really need to be able to remove users who are no longer in our Active Directory system from AGOL (this would typically be users who have retired or left employment).  I am doing this manually for now, but it would be great if there was a tool that would do it automatically.

Greg_Mattis

Hi Matt,

As a workaround right now, I am running the script outlined here: How To: Batch remove inactive users in Portal for ArcGIS using ArcGIS API for Python, every month or so, in order to delete Level 1 named users who haven't logged on in 1 month. Do you think this could work for you in the interim?

Pei-SanTsai

I'm also looking to remove Level 1 (Viewer) users from ArcGIS Enterprise that are only disabled and/or inactive user accounts in Active Directory.  I still want to keep active AD users that have never launched Portal at this moment.  I would like to know if there's any script that will look for the disabled/inactive AD users and then remove the user from the Portal?

YatharthSah

There is actually a script we have written in house to automate this activity.

Users who have not logged in in the past 90 days are disabled (if they have content) or deleted if they don't have any content. This is done for both Level 1 and Level 2 users.

This maintains the user count on Portal and reduces manual effort.

Yatharth(sahyatharth@gmail.com)
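The two cleanup policies discussed in this thread (reconciling Portal accounts against the identity provider, as the original idea and Pei-San ask for, and the 90-day inactivity rule with "disable if the user owns content, delete otherwise" that Yatharth describes) can be combined in one planning step. The following is an added example written for this page; it is not Esri's code, not the script linked above, and not Yatharth's in-house script. It works on plain records so it runs offline: in a real run the records would be built from the `arcgis.gis.User` objects returned by `gis.users.search()`, and the set of enabled accounts from an export of Active Directory. Assumed details are labelled as such: that enterprise-login usernames take the form `sAMAccountName@DOMAIN`, and that Portal reports `lastLogin` as epoch milliseconds with `-1` for accounts that have never signed in. Ownership of items or groups, not the user level, is the deciding test, since a Level 1 user cannot own either.

```python
"""Plan cleanup of ArcGIS Enterprise accounts federated from Active Directory.

Added illustration for this thread, not Esri code.  Records are plain objects so
the logic runs offline; in production build them from arcgis.gis.User objects
(username, lastLogin, items(), groups) and the AD set from an export of
enabled accounts.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NEVER_LOGGED_IN = -1  # assumed: lastLogin value Portal reports for never-signed-in accounts


@dataclass(frozen=True)
class PortalUser:
    username: str            # assumed enterprise-login form, e.g. "jdoe@CONTOSO"
    last_login_ms: int       # epoch milliseconds, or NEVER_LOGGED_IN
    item_count: int          # items owned across all folders
    group_owner_count: int   # groups this user owns


def ad_key(username: str) -> str:
    """Map a Portal username to the sAMAccountName used in the AD export.

    Assumption: logins look like 'sam@DOMAIN'; only the part before '@' is
    compared, case-insensitively.  Adjust if your Portal stores 'DOMAIN\\sam'.
    """
    return username.split("@", 1)[0].lower()


def is_inactive(user: PortalUser, now: datetime, max_idle_days: int | None) -> bool:
    """True when an idle threshold is set and the user has not signed in within it."""
    if max_idle_days is None:
        return False
    if user.last_login_ms == NEVER_LOGGED_IN:
        return True
    last = datetime.fromtimestamp(user.last_login_ms / 1000, tz=timezone.utc)
    return now - last > timedelta(days=max_idle_days)


def plan_cleanup(users, ad_enabled_sams, now, max_idle_days=None, min_ad_size=1):
    """Return {username: action}, action in {"keep", "delete", "disable"}.

    A user is a removal candidate when the AD account is gone or disabled, or
    when an idle threshold is given and it has been exceeded.  Candidates that
    own nothing are deleted; candidates that own items or groups are only
    disabled, so ownership can be transferred first.  Users still enabled in AD
    who merely never signed in are kept when no idle threshold is set.

    Guard: an empty or implausibly small AD export aborts the run, because a
    broken export would otherwise mark every Portal user for removal.
    """
    enabled = {s.lower() for s in ad_enabled_sams}
    if len(enabled) < min_ad_size:
        raise ValueError(f"AD export lists {len(enabled)} enabled accounts; refusing to plan")
    plan = {}
    for u in users:
        orphaned = ad_key(u.username) not in enabled
        if not (orphaned or is_inactive(u, now, max_idle_days)):
            plan[u.username] = "keep"
        elif u.item_count == 0 and u.group_owner_count == 0:
            plan[u.username] = "delete"
        else:
            plan[u.username] = "disable"
    return plan


def apply_plan(plan, delete, disable, dry_run=True):
    """Carry out a plan through caller-supplied callables (e.g. wrappers around
    User.delete() and User.disable()).  Returns the (username, action) pairs
    that were, or in a dry run would be, applied."""
    done = []
    for username, action in sorted(plan.items()):
        if action == "keep":
            continue
        if not dry_run:
            (delete if action == "delete" else disable)(username)
        done.append((username, action))
    return done


# Constructed sample data; none of these are real accounts.
NOW_UTC = datetime(2019, 4, 22, tzinfo=timezone.utc)


def ms_ago(days: int) -> int:
    return int((NOW_UTC - timedelta(days=days)).timestamp() * 1000)


SAMPLE_USERS = [
    PortalUser("jdoe@CONTOSO", ms_ago(3), 0, 0),            # enabled in AD, active
    PortalUser("asmith@CONTOSO", NEVER_LOGGED_IN, 0, 0),     # enabled in AD, never signed in
    PortalUser("retired1@CONTOSO", ms_ago(200), 0, 0),      # gone from AD, owns nothing
    PortalUser("retired2@CONTOSO", ms_ago(200), 5, 1),      # gone from AD, owns content
    PortalUser("idle@CONTOSO", ms_ago(120), 0, 0),          # enabled in AD, idle 120 days
]
SAMPLE_AD_ENABLED = {"jdoe", "asmith", "idle"}


def demo():
    """Plans under AD reconciliation alone, and with a 90-day idle rule added."""
    ad_only = plan_cleanup(SAMPLE_USERS, SAMPLE_AD_ENABLED, NOW_UTC)
    ad_and_idle = plan_cleanup(SAMPLE_USERS, SAMPLE_AD_ENABLED, NOW_UTC, max_idle_days=90)
    return ad_only, ad_and_idle


if __name__ == "__main__":
    for title, plan in zip(("AD reconciliation only", "AD + 90-day idle"), demo()):
        print(title)
        for username, action in plan.items():
            print(f"  {username:20} {action}")
    print("dry run:", apply_plan(demo()[0], print, print))
```

With `max_idle_days=None` the plan keeps `asmith`, who is enabled in AD but has never signed in, which is the behaviour Pei-San asks for; adding the 90-day rule turns that same account into a deletion, which is Yatharth's policy. Run it with `dry_run=True` first and review the returned list; the `min_ad_size` guard should be set to a sensible floor for your directory (a few hundred for the 646-user tenant mentioned above) so that an empty export can never produce a mass delete.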