We are attempting to do some clean up in Lawson Security / Active Directory.
I don't have much experience with querying against AD or ATOMS in LDAP, but has anyone developed a sql query that allows visibility of users that have been termed in HR11 in the last 30 days then compare that to any LDAP information so we can display what AD accounts should be inactivated?
Currently, we use a manual process in which we take a similar query below and security manually inactivates users in ActiveDirectory.
SELECT E.EMPLOYEE , E.FIRST_NAME , E.LAST_NAME , E.TERM_DATE FROM EMPLOYEE E WHERE E.EMP_STATUS IN ('TE','TP') AND E.TERM_DATE BETWEEN DATEADD(DAY, -30, GETDATE()) AND DATEADD(DAY, 0, GETDATE()) ORDER BY E.TERM_DATE ASC
Any best practices for "terming" people in Lawson Security would be helpful also. We currently delete the users out of the LSA tool once the term is generated.