Deleted users are purged only when the cache is flushed or the deleted user tries logging back in. This may result in number of cached users exceeding the licensed limit of users, and syslog interfaces showing error messages.
Using delusercheck-interval option in vas.conf will address this issue. The delusercheck-interval option will enable the execution of a utility that scans Active Directory for the existing users, and then purges all deleted users from the local cache. The value of this option is the interval in minutes that the delusercheck script should be run. You will need to test and evaluate the load and decide the optimal setting for your network.
For example, you can set it to run every 4 hours by running the following command:
/opt/quest/bin/vastool configure vas vasd delusercheck-interval 240
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center