|
| 1 | +🧹 Inactive User Cleanup — ServiceNow Scheduled Job |
| 2 | +📌 Overview |
| 3 | + |
| 4 | +This script automates daily cleanup of access and assignments for inactive users in ServiceNow. |
| 5 | +It removes orphaned access, ensures task accountability, and sends an email summary upon completion. |
| 6 | + |
| 7 | +✅ Features Included |
| 8 | +🔹 Inactive Group Membership Cleanup |
| 9 | + |
| 10 | +Searches User Group Member table (sys_user_grmember) |
| 11 | +Identifies inactive users (excluding Web Service Access Only accounts) |
| 12 | +Removes them from all associated groups |
| 13 | +Logs each removal in system logs |
| 14 | +Adds removal details to the summary email |
| 15 | + |
| 16 | +🔹 Direct Role Revocation |
| 17 | + |
| 18 | +Searches User Has Role table (sys_user_has_role) |
| 19 | +Removes roles not inherited via group membership |
| 20 | +Prevents unauthorized access after deactivation |
| 21 | +Logs each role removed |
| 22 | +Included in daily summary email |
| 23 | + |
| 24 | +🔹 Task Ownership Cleanup |
| 25 | + |
| 26 | +Searches Task table (task) |
| 27 | +Finds active tasks assigned to inactive users |
| 28 | +Clears the Assigned To field without triggering workflow |
| 29 | +Adds work notes for audit traceability |
| 30 | +Logs entries + email reporting |
| 31 | +All actions skip users where: web_service_access_only = true |
| 32 | + |
| 33 | +🛠 Script Placement & Configuration |
| 34 | +Field Value |
| 35 | +Script Type ✅ Scheduled Script Execution |
| 36 | +Location Run this script section |
| 37 | + |
| 38 | +Before using in your instance, update the following in script: |
| 39 | + |
| 40 | +Line Update Required |
| 41 | +Line 56 Replace sender email in email.setFrom('xyz@service-now.com'); |
| 42 | +Line 44 Replace system property name in gs.getProperty('glide.xyz.admin.email.recipients'); |
| 43 | +🔍 System Property Required |
| 44 | + |
| 45 | +Create or update the System Property to store email recipients: |
| 46 | + |
| 47 | +Name (example) Value (example) |
| 48 | +glide.xyz.admin.email.recipients admin@example.com,user@example.com |
| 49 | + |
| 50 | +Supports single or comma-separated recipients ✅ |
| 51 | + |
| 52 | +✉️ Email Summary Includes |
| 53 | + |
| 54 | +Users removed from groups |
| 55 | +Direct roles removed |
| 56 | +Active tasks unassigned |
| 57 | +Timestamped logs for auditing |
| 58 | + |
| 59 | +📝 Work Notes Added |
| 60 | + |
| 61 | +For tasks reassigned: |
| 62 | +System Administrator removed "Assigned to" value as the user is no longer active. |
| 63 | + |
| 64 | +⚠️ Best Practices |
| 65 | + |
| 66 | +Run in sub-prod first |
| 67 | +Ensure proper backups/audit compliance |
| 68 | +Schedule at low-traffic hours |
| 69 | +Monitor logs initially for data impact |
| 70 | + |
| 71 | +🧩 Extendability Ideas |
| 72 | + |
| 73 | +You can easily modify: |
| 74 | +Email template (HTML formatting) |
| 75 | +Query filters for additional cleanup criteria |
| 76 | +Logging to include sys_id values |
| 77 | +Scheduling frequency (default recommended: Daily) |
| 78 | + |
| 79 | +🧑💻 Maintainers |
| 80 | + |
| 81 | +Feel free to update script name, System Property naming, and sender email for your organization. |
| 82 | +Pull requests & suggestions welcome! 🙌 |
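Review bot: The configuration table at lines 40-42 points readers at "Line 56" and "Line 44" of the script, and those numbers will go stale on the first edit to the script. Refer to the calls themselves instead (email.setFrom(...) and gs.getProperty('glide.xyz.admin.email.recipients')), or lift both values into named variables at the top of the script and document those. Three smaller points. The exclusion rule "All actions skip users where: web_service_access_only = true" (line 31) applies to all three cleanups but sits at the end of the Task Ownership Cleanup list, so it should move up under Features Included. Since this job removes group memberships and role grants, the README should state which identifiers each log entry records, given that "Logging to include sys_id values" appears only as an extension idea at line 76. The heading at line 61 says "For tasks reassigned" while the job clears the Assigned To field rather than reassigning it; "unassigned" would match line 56.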