I'd like JAMF to notify me when a user is moved to the "Disabled" OU in AD; this way I will know when a Mac user has left the business and I can begin chasing down their device.
I have tried changing the LDAP settings for "Position" mapping to "memberOf"; however, since the user never logs into the device after being terminated, the inventory doesn't get updated.
How can I get JAMF to query LDAP for users in the "Disabled" OU?
@notverypc but what triggers this LDAP lookup? If it is a Computer Inventory EA, will it not only be triggered when a user is logged in and the device does an Inventory Update?
What if the device is, say, handed to their manager and placed in a drawer, then the leaving user's account is moved to the disabled OU? The device remains in the drawer and will not check in to trigger the Inventory Update, right?
Or am I completely misunderstanding the functions of JAMF here?
Bug with this process.
From my testing, if the Account doesn't exist in LDAP, the EA will not change. So if a user gets Deleted instead of Disabled, JAMF will continue to show the same AccountControl ID from the last time the account existed. It doesn't appear to zero out the entry, which would be better than leaving it as is.
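An added example, not code from any poster in this thread: a check that runs outside device check-in and reports a deleted account explicitly instead of keeping a stale value. It assumes the "AccountControl ID" above is AD's `userAccountControl` attribute; the function names, the OU DN and the sample records are constructed, and in real use the directory records would come from an LDAP search and the assignments from an inventory export.

```python
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled AD account
DISABLED_OU = "OU=Disabled,DC=example,DC=com"  # constructed placeholder DN

def rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def under_ou(dn, ou_dn):
    """True if dn sits beneath ou_dn (suffix match on whole RDNs, not substrings)."""
    d, o = rdns(dn), rdns(ou_dn)
    return len(d) > len(o) and d[-len(o):] == o

def account_state(entry, disabled_ou):
    """Classify one directory record; None means the lookup returned nothing."""
    if entry is None:
        return "missing"  # deleted account: report it rather than reuse old data
    flagged = bool(int(entry["userAccountControl"]) & ACCOUNTDISABLE)
    moved = under_ou(entry["dn"], disabled_ou)
    return "disabled" if flagged or moved else "active"

def devices_to_recover(assignments, directory, disabled_ou):
    """Return (device, user, state) for every device whose user is not active."""
    hits = []
    for device, user in assignments:
        state = account_state(directory.get(user.lower()), disabled_ou)
        if state != "active":
            hits.append((device, user, state))
    return hits

# Constructed sample data standing in for LDAP search results and an inventory export.
DIRECTORY = {
    "alice": {"dn": "CN=Alice,OU=Staff,DC=example,DC=com", "userAccountControl": 512},
    "bob": {"dn": "CN=Bob,OU=Staff,DC=example,DC=com", "userAccountControl": 514},
    "carol": {"dn": r"CN=Smith\, Carol,OU=Disabled,DC=example,DC=com",
              "userAccountControl": 512},
    "dave": {"dn": "CN=Dave,OU=Disabled Review,OU=Staff,DC=example,DC=com",
             "userAccountControl": 512},
}  # "erin" is absent on purpose: her account was deleted
ASSIGNMENTS = [("MAC-001", "alice"), ("MAC-002", "bob"), ("MAC-003", "carol"),
               ("MAC-004", "dave"), ("MAC-005", "erin")]

if __name__ == "__main__":
    for row in devices_to_recover(ASSIGNMENTS, DIRECTORY, DISABLED_OU):
        print(*row)
```
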