Successfactor to Active Directory User Provisioning for terminated users

Question

I have the following use case scenario for the SuccessFactors to Active Directory User Provisioning service.
Terminated users' accounts should be disabled at the [LatestTerminationDate], and this works fine. \o/

But there is a requirement to move terminated users to a different organization unit in AD after 14 days since the [LatestTerminationDate].
I have built a condition that sets the [parentDistinguishedName] AD attribute accordingly, but terminated users are not present in incremental sync since they have been terminated (which seems logical).
You can read more in the article How incremental sync works

Do you have any hacks or tips on how to include those terminated users in the incremental sync?

I found the API graph command which can restart the provisioning cycle.
Is there any other way than this?

Thanks in advance for any tips.

Answer 1

anonymous user

As discussed, below are the 2 options for your requirement of moving the user to the Deleted OU 14 days after the termination date,

Option 1: Run a full sync cycle every weekend, triggered by the Provisioning API - Restart endpoint (Restart synchronization Job - Microsoft Graph beta | Microsoft Learn). You can use Windows Scheduler/Azure Automation runbooks to schedule a PowerShell script that invokes this endpoint.

Option 2: Request that your SuccessFactors team set up a workflow automation/integration in SuccessFactors that will update any user/job/employment profile attribute for users who have passed the 14-day termination period. The assumption here is that this transaction in SuccessFactors will be detected as a change by the Azure AD SuccessFactors connector during the incremental cycle. This will update the user's OU in AD.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.