So we're working on a integration project between a SaaS application that creates users, and ADMP (ADManagerPlus) which does the AD creation.
For the most part we have the creation of users working, but we're trying to figure out how to modify the AD account group membership once that user falls off of the API Report from the SaaS application.
Working Scenario 1:
- User information gets entered into the SaaS product (username, first/last name, email, employee category (eg. Full Time or Part Time)
- When the ADMP task runs to create the AD accounts, it looks to the Custom HCM API report
- Creates an AD account with the mentioned values
- The employee category translates to AD Group (eg. memberOf = Full Time or Part Time)
This scenario works fine for creation. However when the employee leaves/terminated, we want to keep the AD account around but remove them from the AD group (Full Time or Part Time). This is where we're running into an issue
Failing Scenario 1:
- User that was created in previous step is terminated in SaaS application, which removes them from the Custom HCM API Report
- WHAT WE NEED TO FIGURE OUT:
- Remove this user from the respective AD group (eg. Full Time or Part Time)
- The issue we're having is because the user account is no longer on the report, the ADMP task won't remove this user's memberOf value
HOW DO WE configure a ADMP task to say "if user is no longer on Custom HCM API report, remove from group"?
I've attempted "Remove from group X From Report Recently Created Users 900 Days AND Data from SaaS Custom HCM API Report" but that removes all users in X-group.
We only want to remove users who no longer show on the report but are a member of X-group