Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Anonymous

My feedback

  1. 293 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Anonymous commented  · 

    https://myserverissick.com/2019/01/how-to-make-azure-ad-connect-disable-expired-accounts/

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------
    1. Open the Sync Rules Editor and add a new Inbound rule. Give it an appropriate title, and set the precedence to something smaller than 100 so that it is a higher priority than the built-in rules.

    2. Click next and create 4 clauses as below.
    accountExpires : ISNOTNULL (ignore accounts without an expiry value)
    userAccountControl : ISBITNOTSET : 2 (ignore disabled accounts)
    accountExpires : GREATERTHAN : 0 (ignore non-expiring accounts)
    accountExpires : LESSTHAN : 9223372036854775807 (ignore non-expiring accounts)

    3. Click next twice and add a transformation as below.
    Expression : accountEnabled : IIF(([accountExpires])<NumFromDate(Now()),False,NULL)
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

Feedback and Knowledge Base