Steps for deleting a user account
To delete a user account
- In the console tree, locate and select the folder that contains the user account.
- In the details pane, right-click the user account, and then click Delete.
- You can delete multiple user accounts at a time: Select the accounts, right-click the selection, and click Delete. To select multiple accounts, press and hold down CTRL, and then click each account.
- Once a user account has been deleted, all permissions and memberships associated with that user account are permanently deleted. Because the security ID (SID) for each account is unique, a new user account with the same name as a previously deleted user account does not automatically assume the permissions and memberships of the previously deleted account. To duplicate a deleted user account, all permissions and memberships must be manually recreated.
- You can deprovision user accounts as follows: Select one or more accounts in the details pane, right-click the selection, and then click Deprovision.
- You can use the Find function of Active Roles in order to locate the user accounts you want to delete or deprovision. Once you have found the user accounts, you can proceed as follows: Select the accounts in the list of search results, right-click the selection, and click Delete or Deprovision.
- When deleting a user account, you may encounter an error message stating that access is denied. A possible cause of this error is that the user account is protected from deletion. To delete a protected user account, you should first go to the Object tab in the Properties dialog box for that user account, and clear the Protect object from accidental deletion check box.
Deprovisioning a user account
Active Roles provides the ability to deprovision rather than delete or only disable user accounts. Deprovisioning a user refers to a set of actions that are performed by Active Roles in order to prevent the user from logging on to the network and accessing network resources such as the user’s mailbox or home folder.
The Deprovision command on a user account updates the account as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.
Steps for deprovisioning a user account
To deprovision a user account
- In the console tree, locate and select the folder that contains the user account you want to deprovision.
- In the details pane, right-click the user account, and then click Deprovision.
- Wait while Active Roles updates the user account.
- You can deprovision multiple accounts at a time. Select two or more user accounts, right-click the selection, and then click Deprovision.
- The Deprovision command is also available in the Active Roles Web Interface.When you click the Deprovision command, the operation progress and results are displayed. When the operation is completed, Active Roles displays the operation summary, and allows you to examine operation results in detail.
- On a deprovisioned user account, you can use the Deprovisioning Results command to view a report that lists the actions taken during the deprovisioning of the account. For each action, the report informs about success or failure of the action. In the event of a failure, the report provides a description of the error situation.
- If a deprovisioned user account needs to be restored (for example, if a user account has been deprovisioned by mistake), the account can be reset to the state it was in before the deprovisioning occurred. This can be accomplished by using the Undo Deprovisioning command on the deprovisioned account.
Restoring a deprovisioned user account
Active Roles provides the ability to restore deprovisioned user accounts. The purpose of this operation, referred to as the Undo Deprovisioning operation, is to roll back the changes that were made to a user account by the Deprovision operation. When a deprovisioned user account needs to be restored (for example, if a user account has been deprovisioned by mistake), the Undo Deprovisioning operation allows the account to be restored to the state it was in before the changes were made.