SNTT: Finding expired Users

hootsThursday_BLU.jpg
I note with some degree of shame that I've not done a Show and Tell for a while. Now, as I've been doing lots of infrastructure audits recently, I thought I'd pass on this particular tip.


From Notes 6 client onwards (Surely your not still running Notes 5?), every time the user authenticates, the client will occasionally send in an AdminP request to update the person document. So far, so good. This maintains a list of last logins on the person document and shows:


  • Last login date

  • Last login Notes version

  • The machine name they logged in from


In fact, it looks like:

clientinfo.png



Cool. Now one big issue I see time and time again is that sites rarely have a decent "leavers" process. When someone leaves a firm, the HR department usually conducts a leavers interview, stops their pay (This doesnt often happen - I recall a chap in Holland who came into work for a year after his team was laid off, and only surfaced when his ID badge stopped working!), removes their laptop and contacts IT to have their user accounts cancelled.


Well, sometimes the user ID is kept on for a few weeks, usually for someone to review eMails, etc. And then it gets forgotten about. And its *difficult* to find people, unless you look at each person document. Which is tedious.. So why not build a view in the directory, filtered by Form Type equals "Person", where the first column is sorted (descending) on:


@Max(ClntDate)
.
As the "ClntDate" field is a multi-value date/time field, the @Max finds the latest login (these are stored as big numbers internally). Ah-ha.


So do you just go through and delete the ones who havent logged in in a while ? Ah. No.


There are issues. You see, if you are on long-term sick leave, off having a baby, or perhaps on sabattical, then its not a good idea to just remove their eMail account. However, armed with a list, it is possible to then do a proper clean-up exercise.. So march off to HR with a printout and a highlighter pen, and get them to pick the folks who've not logged in for a while.. Then its probably safer to remove these people..