[REWST - TASK] 365/On-Prem: Disable User Account
This workflow provides a standardized method to disable user accounts across both Microsoft 365 and on-premises Active Directory environments, serving as a critical building block in comprehensive offboarding automation chains and security incident response protocols. MSPs will find this particularly valuable during client employee departures, security breaches requiring immediate account lockdown, or compliance scenarios demanding rapid access revocation - all without requiring technicians to remember the specific steps for each environment type. Technically, the workflow validates inputs, checks applicable identity environments (Microsoft 365/on-premises), then executes the appropriate disabling action using Microsoft Graph API for cloud accounts and PowerShell via RMM for on-premises accounts, with built-in error handling for operational reliability. This automation significantly reduces the risk of missed steps during offboarding while cutting the average technician time from 15-20 minutes down to mere seconds per user deactivation.
This workflow contains 10 tasks.
Inputs
idp_config - string
One of: on_prem, hybrid_no_sync, azure_ad, on_prem_only
on_prem_id - string
On-prem ID of user to be disabled
aad_user_id - string
Entra ID of user to be disabled
Outputs
automation_log: Standardized Rewst automation log
success: Boolean; states whether the workflow was successful.
Key tasks
check_aad: Validation/verification
failure_catch: Core integration: noop
disable_aad_user: Microsoft Graph integration: Graph API Request
disable_on_prem: Workflows integration: [REWST - TASK] Run Powershell via RMM
check_on_prem: Validation/verification
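The sequence described above (validate the inputs, check which identity environments apply, disable, record the result) can be sketched in PowerShell. This is an added example, not Rewst's workflow code. It assumes the ActiveDirectory module is available for the on-premises step, that a Graph bearer token is passed in as the hypothetical `$GraphToken` parameter, and that the `idp_config` values map to actions as commented, which the page does not state.

```powershell
# Added illustration, not Rewst's workflow code. Which idp_config values
# trigger which action is an assumption; the page does not state the mapping.
function Disable-UserAccount {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('on_prem', 'hybrid_no_sync', 'azure_ad', 'on_prem_only')]
        [string]$IdpConfig,
        [string]$OnPremId,    # on_prem_id input
        [string]$AadUserId,   # aad_user_id input
        [string]$GraphToken   # assumed: bearer token permitted to update users
    )
    $log = [System.Collections.Generic.List[string]]::new()
    $success = $true

    if ($IdpConfig -in 'on_prem', 'on_prem_only', 'hybrid_no_sync') {   # assumed mapping
        try {
            if (-not $OnPremId) { throw 'on_prem_id is required for this idp_config' }
            Disable-ADAccount -Identity $OnPremId -ErrorAction Stop
            # Read the account back rather than trusting the absence of an error.
            if ((Get-ADUser -Identity $OnPremId -ErrorAction Stop).Enabled) {
                throw 'account still reports Enabled = True'
            }
            $log.Add("on_prem: disabled $OnPremId")
        } catch {
            $success = $false
            $log.Add("on_prem: FAILED - $($_.Exception.Message)")
        }
    }

    if ($IdpConfig -in 'azure_ad', 'hybrid_no_sync') {                  # assumed mapping
        try {
            if (-not $AadUserId) { throw 'aad_user_id is required for this idp_config' }
            $uri = 'https://graph.microsoft.com/v1.0/users/' + [uri]::EscapeDataString($AadUserId)
            $headers = @{ Authorization = "Bearer $GraphToken" }
            Invoke-RestMethod -Method Patch -Uri $uri -Headers $headers `
                -ContentType 'application/json' -Body '{"accountEnabled": false}' -ErrorAction Stop | Out-Null
            $state = Invoke-RestMethod -Method Get -Uri ($uri + '?$select=accountEnabled') `
                -Headers $headers -ErrorAction Stop
            if ($state.accountEnabled) { throw 'accountEnabled is still true' }
            $log.Add("azure_ad: disabled $AadUserId")
        } catch {
            $success = $false
            $log.Add("azure_ad: FAILED - $($_.Exception.Message)")
        }
    }
    # Both steps are attempted even if one fails, so a partial lockdown shows in the log.
    [pscustomobject]@{ success = $success; automation_log = $log }
}
```

The returned object mirrors the workflow's two outputs, so a caller can treat `success = $false` as the signal to review `automation_log` for the environment that was not disabled.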
Jinja examples
Example 1