-
Title
User or account still shows up on machine even though unix enabled is unchecked -
Description
User or account still shows up on machine even though unix enabled is unchecked
-
Cause
This is normal behaviour. -
Resolution
When you uncheck the unix enable box for the user,the account's shell is set to /bin/false and this denies access to the machine. However by design the account stays on the system, the other AD attributes remain for accounting purposes.
To completely remove the account from the system, at least one of the following attributes must be cleared:
uidNumber
gidNumber
loginShell
unixHomeDirectoryThe command to list out the attributes for the account is the following:
/opt/quest/bin/vastool -u host/ attrs <username>This can be done in a few different ways:
1 - You could click on clear attributes button will remove the attributes from AD. After clearing the attributes do a vastool flush command.
2 - AD admin edit the attributes in Microsoft ADSI edit and take away the value of the following attributes for the account:uidNumber
gidNumber
loginShell
unixHomeDirectory3 - Use the following vastool command to remove the attribute:
/opt/quest/bin/vastool -u <administrator> setattrs -r <account name> <attribute name>