Symantec Access Management

CA SSO dormant account list 

04-24-2017 10:05 PM

Hi all


I got a request to extract dormant account list from CA SSO User DB and upload cvs fille into CA Identity manager to delete it. Due to limited program skill and time, I have used existing command and perl script. 


It has 3 parts. 


Step 1. Extract User id from LDAP server (must be executed where dxsearch command is available.)
Step 2. Get last login from CA SSO server (Must be executed in CA SSO Server)
Step 3. Extract user list that did not login xx days (default 356 days)


To test it your environment, download file and extract file.


Open "DormantAccount_generation.bat" and change it accordingly.  

  • LDAP connection information (It can be executed where CA LDAP is installed because it uses dxsearch command.)
    • dxsearch -L -h -b "ou=Customers,dc=ForwardIncExternal,dc=ca" -D <bind_dn> -w <password> "(objectclass=person)" uid | findstr "uid: " > .\work\temp.txt
  • Change Perl paramater (It uses CA SSO Perl SDK. So, it should be executed in CA SSO server itself.)
    • perl <sso admin ID> <sso_admin_password> "Client LDAP User Store" .\work\userlist.txt>.\work\lastlogininfo.txt
  • Change time period (User list did not login last <days>
    • call run.bat ..\work\lastlogininfo.txt ..\DormantUserlist.csv <days>




Step1 should be executed where desearch (CA LDAP) command is available.

Step2 should be executed where CA SSO server is installed server.


It is just developed for POC purpose. When it is converted into Java, it can be executed from any location. I hope that someone who is familiar with java program can migration this one into java based code.


Batch Job execution result



Last login record



Sample dormant account list, which can be used for IDM bulk task for user deletion. 




Kind regards




This document was generated from the following discussion: CA SSO dormant account list

0 Favorited
1 Files
zip file   16 KB   1 version
Uploaded - 05-29-2019

Tags and Keywords


05-01-2017 02:40 PM

Thank you for sharing this with the community!

CA SSO dormant account list 

Related Entries and Links

No Related Resource entered.