Return
-
Title
Disabling Employee account in Identity Manager removes user account in Active Directory -
Description
When an Employee account is disabled in Identity Manager (both permanently and temporarily), the corresponding Active Directory (AD) account is removed from the target system and the ADSAccount is deleted in the database.
Can this behaviour be overridden? For example, disable the ADSAccount instead of deleting it? -
Resolution
This is the default behaviour, but it can be changed. You can define the desired behaviour in the settings of the account definition, e.g.:
If the Employee is disabled permanently or temporarily then the Account definition will remain associated with the Employee and the ADSAccount will be disabled, but not removed from the database or AD.