サポートと今すぐチャット
サポートとのチャット

Active Roles 8.0.1 LTS - Console User Guide

Introduction Getting started User or service account management Group management Computer account management Organizational Unit management Contact management Exchange recipient management

Deleting a user account

To delete user accounts, select them, right-click the selection, and click Delete. Then, click Yes to confirm the deletion. If you select multiple user accounts, clicking Delete displays the Delete Objects dialog. To delete all the selected accounts, select the Apply to all items check box, and then click Yes.

NOTE: Deleting a user is a destructive operation that cannot be undone. If you re-create the deleted user account later, the new user will not receive automatically the same permissions and memberships that the deleted user had. Instead, you must assign the previous memberships manually. For this reason, One Identity recommends disabling users rather than deleting them.

How to delete a user account

You can delete Active Directory user accounts with the Active Roles Console.

To delete a user account

  1. In the Console tree, locate and select the folder that contains the user account you want to delete.

  2. In the details pane, right-click the user account, then click Delete.

NOTE: Consider the following when deleting a user account:

  • You can delete multiple user accounts at the same time by selecting the accounts, right-clicking the selection, and clicking Delete. To select multiple accounts, press and hold CTRL, then click each account.

  • Once a user account is deleted, the permissions and memberships associated with that user account are also permanently deleted. Because the security ID (SID) for each account is unique, a new user account with the same name as the previously deleted user account does not automatically receive the permissions and memberships that the previously deleted account had. To duplicate a deleted user account, you must re-create all permissions and memberships manually.

  • Instead of deleting user accounts, you can also deprovision them by selecting the accounts, right-clicking the selection, then clicking Deprovision.

  • To locate user accounts for deletion or deprovisioning, use the Find function of Active Roles. Once you found the users, delete or deprovision them by selecting the accounts in the list of search results, right-clicking the selection, and clicking Delete or Deprovision.

  • When attempting to delete a user account, you may receive an error message that access is denied to the user. This can typically occur if the user is protected from deletion. To remove this protection, navigate to the Properties > Object tab of the user you want to delete, then clear the Protect object from accidental deletion check box. After that, try deleting the user again.

Deprovisioning a user account

Active Roles provides the ability to deprovision rather than delete or only deactivate user accounts. Deprovisioning a user refers to a set of actions that are performed by Active Roles in order to prevent the user from logging on to the network and accessing network resources such as the user’s mailbox or home folder.

The Deprovision command on a user account updates the account according to the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.

How to deprovision a user account

You can deprovision Active Directory user accounts with the Active Roles Console.

To deprovision a user account

  1. In the Console tree, locate and select the folder that contains the user account you want to deprovision.

  2. In the details pane, right-click the user account, then click Deprovision.

  3. Wait while Active Roles updates the user account.

NOTE: Consider the following when deprovisioning a user account:

  • You can deprovision multiple accounts at a time. Select two or more user accounts, right-click the selection, then click Deprovision.

  • The Deprovision command is also available in the Active Roles Web Interface. When you click the Deprovision command, the operation progress and results are displayed. When the operation is completed, Active Roles displays the operation summary, and allows you to examine operation results in detail.

  • On a deprovisioned user account, you can use the Deprovisioning Results command to view a report that lists the actions taken during the deprovisioning of the account. For each action, the report informs about success or failure of the action. In the event of a failure, the report provides a description of the error situation.

  • If a deprovisioned user account needs to be restored (for example, if a user account has been deprovisioned by mistake), the account can be reset to the state it was in before the deprovisioning occurred. This can be accomplished by using the Undo Deprovisioning command on the deprovisioned account.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択