VMware Workspace ONE Community
madasafishuk
Contributor

Active Directory Users aren't removed from WS1

Has anyone else seen this problem?

We use AD Groups, and use these to manage access to different OGs and also Profiles, but when a user leaves and we remove them from the AD Group, they are not then removed from WS1 and in some instances they reappear in the WS1 Console.

5 Replies
chengtmskcc
Expert

What if you sync the group in WS1 manually after the user leaves the organization? Does he/she get removed from the group?

0 Kudos
madasafishuk
Contributor

We have tried that....

The users are no longer in the Group, have been moved to our Disabled Users OU in AD, and yet they still exist, it's very odd.

0 Kudos
AaronWhittaker
Enthusiast

We have seen this as well, it also happens if you sync a user into WS1 and then move the OU they are in and sync again. We find that that will actually create a duplicate record.

We have spoken to support about this and the reason for not removing (as told to us anyway) was that it was considered 'dangerous' to automatically remove accounts as you could accidentally remove your admin account and therefore no longer be able to access the console. To me that is a little bit like disabling something that could happen 1/1000 but also prevents something that could happen daily in large enough organisations.

I have on my list writing a script that will go and remove those users. It will confirm with AD that they have been disabled/removed and then remove them from the console. It's pretty low on the list though so don't know when I'll get time to get to it.

mike08
Contributor

Hi Aaron,

Did you get anywhere with the script? Something that you could share?

Much appreciated.

0 Kudos
AaronWhittaker
Enthusiast

Not yet no, the 'to do' list always gets longer, never shorter it seems.

0 Kudos
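
The check described in the thread (confirm against AD that an account is disabled or removed before removing it from the console, and spot the duplicate left behind by an OU move), sketched as an added example that is not from any poster or from VMware. It works on constructed exports with assumed field names, only builds a removal plan, holds back a protected list of admin accounts, and aborts when an implausibly large share of records is flagged.

```python
from collections import defaultdict

# Constructed sample data; the field names are assumptions, not a WS1 or AD export format.
WS1_USERS = [
    {"id": 101, "username": "asmith", "dn": "CN=asmith,OU=Staff,DC=example,DC=com"},
    {"id": 102, "username": "bjones", "dn": "CN=bjones,OU=Staff,DC=example,DC=com"},
    {"id": 103, "username": "cwu", "dn": "CN=cwu,OU=Staff,DC=example,DC=com"},
    {"id": 104, "username": "cwu", "dn": "CN=cwu,OU=Sales,DC=example,DC=com"},
    {"id": 105, "username": "ws1admin", "dn": "CN=ws1admin,OU=Staff,DC=example,DC=com"},
    {"id": 106, "username": "dlee", "dn": "CN=dlee,OU=Staff,DC=example,DC=com"},
]
AD_ACCOUNTS = {  # keyed by lower-cased logon name; a missing key means deleted from AD
    "asmith": {"enabled": True, "dn": "CN=asmith,OU=Staff,DC=example,DC=com"},
    "bjones": {"enabled": False, "dn": "CN=bjones,OU=Disabled Users,DC=example,DC=com"},
    "cwu": {"enabled": True, "dn": "CN=cwu,OU=Sales,DC=example,DC=com"},
    "ws1admin": {"enabled": False, "dn": "CN=ws1admin,OU=Disabled Users,DC=example,DC=com"},
}

def plan_cleanup(ws1_users, ad_accounts, protected, max_fraction=0.5):
    """Plan only: ids of stale records, OU-move duplicates, and protected records held back.

    `protected` is a set of lower-cased logon names (console admins) never auto-removed.
    """
    plan = {"stale": [], "duplicate": [], "held": []}
    by_name = defaultdict(list)
    for rec in ws1_users:
        by_name[rec["username"].lower()].append(rec)
    for name, recs in by_name.items():
        ad = ad_accounts.get(name)
        stale = ad is None or not ad["enabled"]
        # Only call a record a duplicate if another record matches the current AD DN,
        # so an active user always keeps at least one record.
        current = ad["dn"].lower() if ad else None
        has_match = any(r["dn"].lower() == current for r in recs)
        for rec in recs:
            if name in protected:
                if stale or len(recs) > 1:
                    plan["held"].append(rec["id"])  # needs a human decision
            elif stale:
                plan["stale"].append(rec["id"])
            elif has_match and rec["dn"].lower() != current:
                plan["duplicate"].append(rec["id"])
    flagged = len(plan["stale"]) + len(plan["duplicate"])
    if ws1_users and flagged / len(ws1_users) > max_fraction:
        # A truncated or failed AD export would otherwise mark nearly everyone stale.
        raise RuntimeError(f"{flagged}/{len(ws1_users)} records flagged; check the AD export")
    return plan

if __name__ == "__main__":
    print(plan_cleanup(WS1_USERS, AD_ACCOUNTS, protected={"ws1admin"}))
```

The plan is meant to be reviewed before anything is deleted; the records under `held` are the admin accounts that support's concern applies to.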