I was recently working with an AX 2009 customer who wanted to compare the user accounts configured in AX with the user accounts in Active Directory. The basic goals were:
It would be great if AX would flag these scenarios for you, but unfortunately it doesn't. If you’re interested in knowing if you have any orphaned accounts or accounts that should probably be disabled in AX, here’s a quick way to do just that.
NOTE: See the attached text file for the exact PowerShell commands and SQL statements I used.
In the one real-world scenario (AX 2009) that we looked at, AX had 112 orphaned accounts and there were another 75 accounts that were disabled in AD but not in AX.
This procedure should work for both AX 4.0 and 2009. The userinfo table still exists in AX 2012, so the comparison should work with this version too, but there might be some scenarios such as flexible authentication that throw the results off. That's something I haven't really looked into yet.
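One way to do the comparison in PowerShell, as an added example (not the commands from the attached text file). It assumes a single AD domain, an AX export with the columns ID, NETWORKALIAS and ENABLE from the userinfo table, and an AD export with SamAccountName and Enabled as returned by Get-ADUser; the function name Compare-AxToAd is hypothetical and the sample rows are constructed.

```powershell
# Constructed sample data. In practice the AX rows come from the userinfo table
# and the AD rows from the ActiveDirectory module, for example:
#   Get-ADUser -Filter * | Select-Object SamAccountName, Enabled
# The AX column names ID, NETWORKALIAS and ENABLE are assumptions.
$axUsers = @'
ID,NETWORKALIAS,ENABLE
Admin,administrator,1
jdoe,jdoe,1
asmith,ASmith,1
bleaver,bleaver,1
old01,tempuser,0
'@ | ConvertFrom-Csv

$adUsers = @'
SamAccountName,Enabled
Administrator,True
jdoe,True
asmith,False
'@ | ConvertFrom-Csv

function Compare-AxToAd {
    param([object[]]$AxUsers, [object[]]$AdUsers)

    # Index AD accounts by logon name; hashtable string keys are case-insensitive.
    $adByName = @{}
    foreach ($ad in $AdUsers) { $adByName[$ad.SamAccountName] = $ad }

    foreach ($ax in $AxUsers) {
        $ad = $adByName[$ax.NETWORKALIAS]
        if (-not $ad) {
            # AX user with no AD counterpart at all
            $finding = 'Orphaned: no matching AD account'
        } elseif ($ad.Enabled -ne 'True' -and $ax.ENABLE -eq '1') {
            # AD account exists but is disabled while AX still allows logon
            $finding = 'Disabled in AD, still enabled in AX'
        } else {
            continue   # account is consistent between AX and AD
        }
        [pscustomobject]@{ AxUserId = $ax.ID; Alias = $ax.NETWORKALIAS; Finding = $finding }
    }
}

Compare-AxToAd -AxUsers $axUsers -AdUsers $adUsers | Format-Table -AutoSize
```

Matching on the alias alone misses renamed accounts; where both exports include the SID, keying the lookup on the SID instead is more reliable.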
This is nice but way too complex. Here's a sample job that does the same:
while select userInfo
dirPath = strfmt(@"WinNT://%1/%2,User", userInfo.networkDomain, userInfo.networkAlias);
dirObject = COM::getObjectEx(dirPath);
userAccControl = dirObject.get(#UserAccountControl);
if (bitTest(userAccControl, #UF_ACCOUNTDISABLE))
info(strfmt("%1@%2 disabled in AD, but not in AX", userInfo.networkAlias, userInfo.networkDomain));
dirObject = null;
warning(strfmt(@"%1@%2 - not found", userInfo.networkAlias, userInfo.networkDomain));
info(strfmt(@"Total: %1, not found: %2, disabled in AD, but not in AX: %3", numTotal, numNotFound, numDisabled));
Dynamics AX has built-in classes for that kind of query.
Use class 'xAxaptaUserManager' and class 'xAxaptaUserDetails' for this. A simple query of the users and calling these classes to get the details does the trick. No need to complicate things.
I once wrote a job to update the SID after a domain change, but you could also use it to sync the active accounts between AD and AX.
static void ChangeDomain(Args _args)
doUpdate = Box::yesNo("User aktualisieren?", DialogButton::No) == DialogButton::Yes;
axUsrMgr = new xAxaptaUserManager();
while select forupdate userInfo
axUsrDet = axUsrMgr.getDomainUser(#NewDomain,userInfo.networkAlias);
if(userInfo && axUsrDet)
oldSID = userInfo.sid;
userInfo.networkDomain = #NewDomain;
userInfo.sid = axUsrMgr.getUserSid(userInfo.networkAlias, #NewDomain);
error(strfmt("Nicht gefunden", userInfo.networkAlias));