Microsoft Dynamics AX 2012 User Management
Posted on: September 28, 2015 | By: Jarrod Kraemer | Microsoft Dynamics AX/365
Written by Craig Leska – Sr. Technical Consultant at Logan Consulting
Oftentimes, the daily administration tasks within Microsoft Dynamics AX 2012 (AX) gets overlooked, which can lead to compliance and licensing issues down the road. Dynamics AX user information comes from Active Directory (AD) and as long as the user is enabled in AD they will have access to AX, if that is also enabled. If the user is disabled in AD, they will not have access to AX; however, the user will still consume a license and may be in violation of the Sarbanes Oxley (Sox) compliances. It is best practice to adopt the Sox compliances, even if you are not a public entity.
Why not automate the process? Disabling the user within AX can be set up as a batch process by adding a small piece of code. I will walk through the process of how to accomplish this.
|
|
|
In this example the following users with the red “X” are disabled in Active Directory. However, these users are still consuming a license within AX. |
|
|
|
Running the code manually will result in this Infolog. |
|
|
|
Confirmed the users are disabled. |
The project can be emailed to you by sending a request to info@loganconsulting.com.
Import and merge the project into your environment. Consult your partner if you are unsure how to do this. Follow best practices and create the appropriate labels.
Once the code has been merged, compiled and a CIL has been generated, the batch job can be added and scheduled per your policy.
To create the batch job:*
· In System administration/Inquiries/Batch jobs/batch jobs
· Press CTRL+N for a new job
· Enter the description of “Disable AX users based on AD status”
· Set the schedule in the scheduled start data/time field
· Press CTRL + S to save the job
· Click the recurrence button and set the interval
· Set an alert if desired
Add the task
· Select the batch job you just created
· Click view tasks button
· Press CTRL+N for a new task
· Enter the description of Disable users
· Enter DAT for company accounts
· In the class name enter DisableAXUsersByADStatus
· Select the batch group this would run under
· Press CTRL+S to save and close the task
· Set the task from Withhold to Waiting
· Close the task and that is all
|
|
|
Finished batch job and task |
How it works:
When the batch job runs it will query AD. If it finds any AX users who are enabled in AX but disabled in AD, the job will disable the user AX as well. This is a one way replication. If the user gets re-enabled in AD, they will have to be manually enabled in AX.
If you are using the HR module and have the user set to a worker you will need to terminate the worker. However, by running this job you are in alignment with the Sox compliance measures and keeping your AX licensing in check.
Note: This project has been tested in AX2012 RTM, R2 and R3.
*Per TechNet https://technet.microsoft.com/en-us/library/gg213151.aspx
For additional information, or if you have financial questions about entities in foreign currencies within AX, please feel free to reach out to us at info@loganconsulting.com or (312) 345-8817.
All the best!
Logan Consulting
www.loganconsulting.com