axinthefield: Comparing AX and Active Directory User Accounts - DAX Blogs

Blog bot · 02.05.2012, 13:11

Источник: http://blogs.msdn.com/b/axinthefield...-accounts.aspx
==============

I was recently working with an AX 2009 customer who wanted to compare the user accounts configured in AX with the user accounts in Active Directory. The basic goals were:

Find all AX user accounts that no longer exist in Active Directory.
Find all accounts that are disabled in Active Directory but not in AX.

It would be great if AX would flag these scenarios for you, but unfortunately it doesn't. If you’re interested in knowing if you have any orphaned accounts or accounts that should probably be disabled in AX, here’s a quick way to do just that.

Export AD users to a CSV file. I used a PowerShell command for this step. The command I used requires the Active Directory Module for Windows PowerShell. This is installed by default on domain controllers, but it is also available via the Remote Server Administration Tools for Windows 7 if you want to run it from a workstation instead. http://www.microsoft.com/download/en/details.aspx?id=7887
Create a table for the AD user details. I created a new table in the AX database to store the AD user account details so I could easily join this information to the AX user details already stored in the database.
Load the contents of the CSV file into the table. I used a bulk insert statement to load the data from the CSV file created in step 1 into the table created in step 2.
Query the table for your results. I used 2 simple queries that joined the AD user account table with the AX userinfo table to get the information I needed.

NOTE: See the attached text file for the exact PowerShell commands and SQL statements I used.

In the one real world scenario (AX 2009) that we looked at, AX had 112 orphaned accounts and there were another 75 accounts that were disabled in AD but not in AX.

This procedure should work for both AX 4.0 and 2009. The userinfo table still exists in AX 2012, so the comparison should work with this version too, but there might be some scenarios such as flexible authentication that throw the results off. That's something I haven't really looked into yet.

Источник: http://blogs.msdn.com/b/axinthefield...-accounts.aspx

Похожие темы
Тема	Автор	Раздел	Ответов	Посл. сообщение
emeadaxsupport: In Microsoft Dynamics AX 2012 the Default account setup Lookup form is listing Main Accounts from all Company Accounts rather than just active Company Accounts	Blog bot	DAX Blogs	0	20.03.2012 19:11
axinthefield: Dynamics AX Event IDs	Blog bot	DAX Blogs	0	01.03.2011 22:11
daxdilip: Whats New in Dynamics AX 2012 (A brief extract from the recently held Tech Conf.)	Blog bot	DAX Blogs	7	31.01.2011 12:35
Pawan's Ax blog: Run AIF Without Active Directory	Blog bot	DAX Blogs	0	19.04.2010 11:05
Inside Dynamics AX 4.0: The Security Framework	Blog bot	DAX Blogs	0	31.10.2007 11:40