mass delete users?

<!-- Converted from text/plain format -->

Do you have ProcessFlow Integrator?  I use the ResourceUpdate node in a loop (using a file input or SQL query, etc. )
John Henley

No, the customer does not have Integrator.

 

I created a script with Auto-It to open Security Administrator on a windows PC - it was crude but got the job done.

I used autohotkey, a free scripting program, to help me mass delete users.  We dont have PF Integrator either.

Or you can call the same comands that the Security Administrator does.

Kwane
954.547.7210

What commands are they?

Sorry for the delays in responding, I'm out of the country on family emergency, but the answer your question, you could emulate what the security client does. I won't answer in detail on how to do that, as that is a service I charge for. The basic jist is that the security client performs actions via a hidden API that isn't integrated into the client itself.

We are looking to remove all users from LDAP/ADAM to remigrate them (we are currently in test and moving from 8.0.3.7 to lsf9). We do not have a backup of the LDAP/ADAM post install, but have Logan and Gen backups. I've read various options, I'm not a script writer and that answer is making me nervous. We do not have PFI.

Could we use the isdelete PROFILE command and just run this for all 1700 profiles that we want to remove (we don't want to remove the system ones..).

I do not want to go into User Maint and delete each of these 1700 users, but using backend tools is making me nervous that I'll may miss an piece or data item.

Any suggestions?

Beverly - I agree with Kwane on this one.

I also wrote a script that emulates what LSA does. Essentially it emulates you going to LSA and doiing manual deletes without LSA itself.

Note that there are limits as in many cases environment will only allow you to delete 1000 users, and then will require restart (that will apply to manual deletions as well).

We also provide this as a service, so I cannot post the script here.

The other alternative is ProcessFlow Integrator - as John suggested (I saw that you do not have it, but it might be a good investment). Note that 1000 deletions limit will apply here as well

Thanks for the responses. Will these scripts allow me to delete all but 5 of the users (i.e. I'd have the id in the script somewhere?)

How much is the fee for the script?

I can be reached at 904 244 9252

FYI, there is a new -u flag in loadusers in 9.0.1.4 to delete users.

loadusers has a -u switch now for user removal beginning with 9.0.0.7

I am looking for a method to clean out records left behind in Lawsons Ldap for inactive accounts. When we terminate an employee, their AD record is inactivated but still shows in RM. We are running LDF 9.009, Adam and are bound to AD. Would loadusers -u fix this and is there any documentation on it? If not is there any other Lawson approved method? Thanks.

Joe,

As far as I know, there is no Lawson-provided way to detect "orphans" (i.e. exist in Lawson security but not ldapbind/corporate LDAP.

The only Lawson-supported way to remove them are 1) via the Lawson Security Administrator (one by one), or 2) via an XML file and the loadusers command with a remove flag.

Orphan detection is one of the features I'm offering in this tool:
https://www.danalytics.co...ecurityExaminer.aspx
I will probably add the capability to create the loadusers XML file.