How to delete a group
You can delete Active Directory groups with the Active Roles Console.
To delete a group
-
In the Console tree, locate and select the folder that contains the group you want to delete.
-
In the details pane, right-click the group, then click Delete.
NOTE: Consider the following when deleting a group:
-
Deleting a group is a destructive operation that cannot be undone. Once a group is deleted, all permissions and memberships associated with that group are lost. Creating a new group with the same name as the deleted group does not automatically assign the permissions and memberships of the previously deleted group. Instead, you must manually re-create all permissions and memberships.
-
The confirmation message box displayed by the Delete command prompts you that you can deprovision rather than delete groups. The deprovision operation refers to a set of actions performed by Active Roles in order to prevent the use of there group. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the deprovision policies to be adjusted as needed.
-
To deprovision a group, right-click the group in the details pane, and click Deprovision.
-
To locate groups for deletion or deprovisioning, use the Find function of Active Roles. Once you found the groups, delete or deprovision them by selecting the accounts in the list of search results, right-clicking the selection, and clicking Delete or Deprovision.
-
When attempting to delete a group, you may receive an error message that access is denied to the group. This can typically occur if the group is protected from deletion. To remove this protection, navigate to the Properties > Object tab of the group you want to delete, then clear the Protect object from accidental deletion check box. After that, try deleting the group again.
Deprovisioning a group
Active Roles provides the ability to deprovision rather than delete groups. Deprovisioning a groups refers to a set of actions that are performed by Active Roles in order to prevent the use of the group.
The Deprovision command on a group updates the group object in Active Directory as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.
How to deprovision a group
You can deprovision Active Directory groups with the Active Roles Console.
To deprovision a group
-
In the Console tree, locate and select the folder that contains the group you want to deprovision.
-
In the details pane, right-click the group, then click Deprovision.
-
Wait while Active Roles updates the group.
NOTE: Consider the following when deprovisioning a group:
-
You can deprovision multiple groups at a time. Select two or more groups, right-click the selection, then click Deprovision.
-
The Deprovision command is also available in the Active Roles Web Interface.
-
When you click the Deprovision command, the operation progress and results are displayed. When the operation is completed, Active Roles displays the operation summary, and allows you to examine operation results in detail.
-
On a deprovisioned group, you can use the Deprovisioning Results command to view a report that lists the actions taken during the deprovisioning operation. For each action, the report informs about success or failure of the action. In the event of a failure, the report provides a description of the error situation.
-
If a deprovisioned group needs to be restored (for example, if a group has been deprovisioned by mistake), the group can be reset to the state it was in before the deprovisioning occurred. This can be accomplished by using the Undo Deprovisioning command on the deprovisioned group.
Restoring a deprovisioned group
Active Roles provides the ability to restore deprovisioned groups. The purpose of this operation, referred to as the Undo Deprovisioning operation, is to roll back the changes that were made to a group by the Deprovision operation. When a deprovisioned group needs to be restored (for example, if a group has been deprovisioned by mistake), the Undo Deprovisioning operation allows the group to be restored to the state it was in before the changes were made.