Example script: Locking user accounts

An example script to lock user accounts if the user is not active in the LDAP directory or the user does not have self-service, itil, or admin access to the instance.

The following business rule script locks user accounts if the user is not active in the LDAP directory or the user does not have self-service, itil, or admin access to the instance:
// Lock accounts if bcNetIDStatus != active in LDAP or the user does not
// have the self-service (ess), itil or admin role
var rls = current.accumulated_roles.toString();
// indexOf returns 0 for a match at the start of the string, so test against -1
if (current.u_bcnetidstatus == 'active' && (rls.indexOf(',itil,') != -1 ||
  rls.indexOf(',admin,') != -1 ||
  rls.indexOf(',ess,') != -1)) {
  current.locked_out = false;
} else {
  current.locked_out = true;
}

// Call update() on every sys_user record and print each record's display value
var gr = new GlideRecord("sys_user");
gr.query();
while (gr.next()) {
  gr.update();
  gs.print("updating " + gr.getDisplayValue());
}
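
The same lock decision as a standalone function with a dry-run report, as an added example that is not part of the original page. It uses no Glide APIs; the function names, the sample users and the assumption that the role string may lack leading or trailing commas are illustrative.

```javascript
// Added example: plain JavaScript, no Glide APIs, so it runs outside an instance.
// Roles that keep an account unlocked, taken from the business rule above.
const ALLOWED_ROLES = ['itil', 'admin', 'ess'];

// Split a comma-delimited role string into exact role names.
// Assumption: the value may or may not carry leading/trailing commas.
function parseRoles(roleString) {
  return String(roleString || '')
    .split(',')
    .map(function (r) { return r.trim(); })
    .filter(function (r) { return r.length > 0; });
}

// Same decision as the business rule: lock unless the LDAP status is
// 'active' AND the user holds at least one allowed role (exact name match).
function shouldLock(ldapStatus, roleString) {
  const hasAllowedRole = parseRoles(roleString).some(function (r) {
    return ALLOWED_ROLES.indexOf(r) !== -1;
  });
  return !(String(ldapStatus) === 'active' && hasAllowedRole);
}

// Dry run: list accounts whose locked_out value would change; modifies nothing.
function dryRun(users) {
  return users
    .filter(function (u) { return shouldLock(u.status, u.roles) !== u.locked_out; })
    .map(function (u) {
      return { name: u.name, from: u.locked_out, to: shouldLock(u.status, u.roles) };
    });
}

// Constructed sample records (not real data; role and user names are made up).
const SAMPLE_USERS = [
  { name: 'alice', status: 'active',   roles: ',itil,',          locked_out: false },
  { name: 'bob',   status: 'active',   roles: 'admin',           locked_out: true  },
  { name: 'carol', status: 'inactive', roles: ',admin,itil,',    locked_out: false },
  { name: 'dave',  status: 'active',   roles: ',itil_readonly,', locked_out: false },
  { name: 'erin',  status: 'active',   roles: '',                locked_out: true  }
];

console.log(dryRun(SAMPLE_USERS));
```

Reviewing the dry-run list before enabling the rule shows which accounts a mass update would lock or unlock.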