Lock user accounts

You can lock user accounts if the user is not active.

The following business rule script locks user accounts if the user is not active in the LDAP directory or the user does not have self-service, itil, or admin access to the instance.
// Lock accounts if bcNetIDStatus != active in LDAP and user does not  
// have self-service, itil or admin role 
var rls = current.accumulated_roles.toString(); 
if(current.u_bcnetidstatus == 'active' && (rls.indexOf(',itil,') > 0 || 
  rls.indexOf(',admin,') > 0 || 
  rls.indexOf(',ess,') > 0 )) { 
  current.locked_out = false; } 
else { 
  current.locked_out = true; } 

var gr = new GlideRecord("sys_user"); 
gr.query(); 
while(gr.next()) { 
  gr.update(); 
  gs.print("updating " + gr.getDisplayValue()); 
}