Integrate APM Sessions with AD Account Management
Problem this snippet solves:
This iApp queries Active Directory for locked-out or disabled accounts, as well as accounts whose passwords have changed in the last n minutes, and then deletes any APM sessions those users may have. It was created for a large hospital in the Texas Medical Center that needed to terminate external access when MS FIM disabled or locked out an account. They also wanted to cover the case where a device is lost or stolen and the user's password is changed to prevent unauthorized access.
Things to note
The LDAP query only looks for accounts that have a userAccountControl value of 514 (see http://support.microsoft.com/kb/305144). If you're using other account types (such as password never expires), you'll need to update this value.
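The sketch below is an added example, not the iApp's own code. It shows why an exact match on 514 misses a disabled account that also has "password never expires" set, and builds a filter that tests the disable bit instead. The `lockoutTime>=1` and `pwdLastSet` clauses and all function names are assumptions about how the three conditions could be expressed.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags from Microsoft KB 305144
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
ACCOUNTDISABLE = 0x0002
# Active Directory bitwise-AND matching rule (LDAP_MATCHING_RULE_BIT_AND)
BIT_AND = "1.2.840.113556.1.4.803"
_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def is_disabled(value):
    """True when the disable bit is set, whatever other flags accompany it."""
    return bool(value & ACCOUNTDISABLE)


def to_filetime(dt):
    """Aware datetime -> 100 ns intervals since 1601-01-01 UTC (pwdLastSet units)."""
    delta = dt - _EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def build_filter(minutes, now=None):
    """Filter for users that are disabled, locked out, or changed password recently."""
    now = now or datetime.now(timezone.utc)
    cutoff = to_filetime(now - timedelta(minutes=minutes))
    disabled = f"(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE})"
    # Assumption: lockoutTime is non-zero for locked-out accounts; it can stay
    # set after the lockout window expires, until the next successful logon.
    locked = "(lockoutTime>=1)"
    changed = f"(pwdLastSet>={cutoff})"
    return f"(&(objectCategory=person)(objectClass=user)(|{disabled}{locked}{changed}))"


if __name__ == "__main__":
    for uac in (514, 66050):  # constructed sample values
        print(uac, decode_uac(uac), "exact-514:", uac == 514, "bit test:", is_disabled(uac))
    print(build_filter(15))
```
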
Code :
Published Mar 11, 2015
Version 1.0
Cody_Green
Employee
Joined December 29, 2011
- Walter_Kacynski (Cirrostratus): session.user.starttime is a standard field as of 11.5.0 and 11.6.0 at least. There should be no need for session.custom.session_create_time