User or account still shows up on machine even though unix enabled is unchecked
When you uncheck the unix enable box for the user,the account's shell is set to /bin/false and this denies access to the machine. However by design the account stays on the system, the other AD attributes remain for accounting purposes.
To completely remove the account from the system, at least one of the following attributes must be cleared:
uidNumber
gidNumber
loginShell
unixHomeDirectory
The command to list out the attributes for the account is the following:
/opt/quest/bin/vastool -u host/ attrs <username>
This can be done in a few different ways:
1 - You could click on clear attributes button will remove the attributes from AD. After clearing the attributes do a vastool flush command.
2 - AD admin edit the attributes in Microsoft ADSI edit and take away the value of the following attributes for the account:
uidNumber
gidNumber
loginShell
unixHomeDirectory
3 - Use the following vastool command to remove the attribute:
/opt/quest/bin/vastool -u <administrator> setattrs -r <account name> <attribute name>
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center