Hello,
is there a way to automatically disable disabled AD users in Commvault as well? Best would be to delete it automatically after a time, as well as delete users as well. Is it possible to automate this?
In an environment with a lot of dynamic users some users are not active in AD anymore but active in Commvault. If such a user is known and has higher rights, it could be reactivated oder recreated by an attacker in AD and used covertly. We would like to prevent this possibility.
As discussed here (User Group properties - AD groups user not removed after removing | Community (commvault.com)), we like to delete the user from the User list overwiew, not from the ad group association which is refreshed an every login attemp as i understand.
Additionally, an idea of mine would be an authorization workflow that needs to be accepted to allow any new user or user with a defined last login time.
Thanks for your experiences and ideas.
Christo