Deleting users in MDM

Hi All,
I have a req where my MDM users are also maintained in the LDAP databse.
Now i want that whenever any user moves out of the company,his/her name is removed out of the LDAP directory.
On similar lines i want that using some kind of logic either through JAVA api or ABAP apis. this information be fetched form the LDAP server and call the delete function on the corresponding users in MDM.
I know this is possible but need to know how to do it and whether ABAP /JAVA apis should be used as we need to connect LDAP server to MDM server so not sure if ABAP or JAVA can be used.
Due to other complication in integrating MDM to LDAP directly in 5.5 we do not wish to go with the MDM-LDAP integration but try using the APIs instead as it is only for a simple users authentication request.
Please suggest
Thanks
AJ

The best way to achieve this will be with the API's. You could probably develop a web service that deletes users based on user id, and then call that from your LDAP solution.
The obvious problem is that if the user is involved in a workflow, has records checked-out, has records created by or is the owner of validations or assignments, then you cannot delete that user.
Best is to flag the user as inactive.
Regards

Similar Messages

Snow Leopard Server - Can't delete users in WGM?

Hi!
I have 2 Mac OS X Server 10.6.4 machines. One is an OD-master and the other is a replica. Since last week I haven't been able to delete user accounts in WGM. It doesn't give me any error and at first glance it looks like the account is deleted, but the account pops up again when searching for that user i WGM.
I also noticed that Server Admin freezes and need a force quit when I click the "Settings" tab for det OD-service.
I suspect the two problems are related somehow, but I can't figure out how to fix them. I've read through a couple of forum posts here but couldn't find anyone with a similar question/problem.
Changing passwords and other settings work fine on user accounts. The syncing between OD master and Replica also works.
The problem is identical on both machines. Deleting accounts doesn't work and Server Admin crashes when checking the "settings" tab on the OD-service.
Has anyone got a clue what I should do och look for?

I managed to solve the problem a couple of days ago. This is what I did.
At first I thought Server Admin crashed when choosing the OD-service, but I was mistaken. It didn't crash, just stalled for a long time (up to 20 minutes as soon as I clicked on something in the OD-service).
My main concern was that my latest OD-backup was a month old and I really wanted a fresh archive before I tried to rebuild the OD-master. So if you already have a working archive you can skip the next part.
Another problem was that the archive-feature did not work at all on any of my two servers.. I could reach the archive-function (with 20 minutes delay on each click) but it resulted in no archive and didn't give me any errors, so I'm glad I checked to see that an archive was actually made. So I promoted my replica to an OD-master and after that Server Admin didn't freeze for 20 minutes any more in the OD-service and the archive function worked again. So I did a fresh archive.
Now that I had a fresh OD-archive I demoted the (original) OD-master to a Standalone server. Then made it an OD-master again and imported the OD-archive I made from the replica. Everything worked fine and I could delete users again and Server Admin didn't freeze any more. I hooked up the replica to the OD-master and since then I've had no problem. I hope this helps someone else with the same/similar problem.

Cannot remove deleted user from people picker - SharePoint Foundation 2010

So I think I've read all the people picker articles here and I can't find a solution so I thought I'd start a new thread. Here is the issue:
A user was deleted from Active Directory and removed from SharePoint Foundation 2010. The user was still showing in the People Picker within the site collection, so we have performed a few things to try and get rid of this user.
User is deleted from AD
User is deleted from SharePoint Site Collection
Have tried stsadm -o deleteuser
Have removed all mention of this user from UserInfo table
User does NOT show in
https://<SiteCollectionURL/_layouts/people.aspx?MembershipGroupId=0
Cannot find any mention of this user anywhere.
Ran a full crawl as we read on a forum somewhere that it might help.
If I try and add the user back to SharePoint I get "The user does not exist or is not unique"
If I try "stsadm -o deleteuser -userlogin DOMAIN\USER -url https://<sitecollectionurl>" I get "The user does not exist or is not unique"
I am not sure what else I can try now. Can anyone help?
Thanks,
Vinny
Vinny

No other domain trusts that this user could be in.
Just so everyone can stop with the warnings, we do NOT regularly delete users from the UserInfo table and fully are aware of the problems behind it, which is why it is so rarely done. But at times, you have to do what you have to do to help a customer, you
know? This one user is the only one that was removed from the UserInfo table, but there are a few other users that are also deleted (from SharePoint, not manually from UserInfo) that are still showing as well. This one user included.
There MUST be another place that the people picker gets it's information from. ALL of the user's old information still shows in the people picker (username, email address, display name), and yet none of that information exists anywhere other than in the
People Picker. Mailbox is gone from Exchange, User deleted from SharePoint, User deleted from Active Directory. Is there no cache someone could point me towards that People Picker might store information in.
Vinny

Cannot delete users from Catalog Manager

We're trying to delete users who no longer have access to OBIEE from the Catalog Manager. When we try we get an error saying access denied for user to path /users/[userid]... I know we can go out to the file system and manually delete the folder but we would like to use the Catalog Manager for this so that we can delegate this to our security staff.
Is a configuration setting wrong somewhere? It fails with users who have been granted admin rights as well as for the administrator id.
Security is configured with Hyperion Shared Services via an initialization block This is working fine. When we add a user to a group in Shared Services, the user catalog is created when the user logs in. We just can't get rid of it after removing the user from the Shared Services group.
We are running everything except the Admin Tool on AIX.
Thanks.
Jerry

I'm not sure I understand.
My system is configured to use Hyperion Shared Services for authentication. We do not create users in OBIEE. We create groups in OBIEE and assign them privileges. We then create the same groups in Shared Services. We add users to the appropriate group in Shared Services. When the user logs in, their user folder is created. When we need to remove a user's access, we take them out of the Shared Services group. We then want to delete their user folder in the catalog. We log in as an admin (we even tried this with the Administrator account), but we get the error.
Is there any way to delete users via OBI Presentation Services > Administration > Manage Catalog?
Thanks.
Jerry

Cannot delete users from the Central Management Console

I cannot delete users from the Central Management Console. I'm logged in to Enterprise as administrator but still get the following error:
There was an error while writing data back to the server: Sorry, you do not have the right to 'Delete objects' (id - 22) for 'koberg' (id - 725415). Please contact your system or permissions administrator if you require this right.
Thanks in advance for any help on this matter.

Oops, my mistake, sorry. Ok, so the Administrator cannot delete user koberg.
Check top level:
Logon to CMC, browse to Home > Settings and select the Rights tab. These are your top level settings. Factory default will show only Administrators and Everyone. Select the Net Access "Advanced" for the Administrators group. NB: Do not select these group names links - they will jump you out of the top level! On the Advanced rights page, ensure the right to "Delete objects" is explicitly granted.
Then set for the Users top level folder:
In the CMC, browse to Home, and select Users. Select the "Rights" button. Again - NB: Do not select these group names links - they will jump you out of the Users top level folder! Set the Administrators group to "Full Control". Save.
That should be all you need. However, there is a possibility the previous admin was busy setting security not only at the account level, but on groups so we need to verify the user:
In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the Rights tab. If the Administrators is not set to (Inherited Rights), make it so, and when you select the "Update" button, you should see the Net Access update to "Full Control". If this is the case, you should follow these steps on each account and accomplish this.
And if you still can't delete it, verify the groups:
In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the "Member of" tab. Note all groups koberg is a member of. Then in the CMC, browse to Home, and select Groups. Select the name hyperlink for the group(s) that koberg belongs to. On the group page, select the Rights tab, and ensure the Administrators have (Inherited Rights) - Full Control on all of these, also. If not, set it.
Finally, I know you inherited this, but let's overview some basics of simplifying your deployment administration. Follow these guidelines, and your administration life will be so much easier.
1. The Everyone group should never have any subgroups. Ever. All accounts on the system are a member of the Everyone group. Adding subgroups to the Everyone group is redundant.
2. For simplicity's sake, Application level access should be set on the Adminstrators Group, and the Everyone group. I know there are customers who add groups to application rights. I don't understand why users would have an account on the system if they are not allowed access to InfoView, but it's your system.
3. From a report object perspective, the Everyone group should be set at the top level to "No Access". This will result in them having no rights on anything at all. You break this inheritance at the application level to give them access to InfoView and other apps. On folders and objects, you ADD groups, then assign (ADD) rights as desired.
4. If you can help it, never explicitly deny a right to any user or group for any object or application. Explicitly deny overrides any other setting. If a user belongs to group A and group B, and group A is explicitly denied a right, you can explicitly grant it for group B or the user all day long, and it will still be denied. Always try to put yourself in the position of adding groups/users, and adding rights, then inheriting as far down the folder tree as you can.

Not Enough Hard Drive Space on my Mac Mini to Save Deleted User Account Folder: What to do?

I am no longer able to access my original user account on my mac mini because the account is corrupted and won't load. Thanks to the helpful advice I found on the internet, I was able to create a new user account and resume using my mac, but all of my old files are trapped in the old user account.
The plan was to delete the old user account, create a disk image of the old account folders, and then migrate those folders to the new user account. Unfortunately, I don't have enough disc space left on my Mac to do that. I have just under 11gb left after deleting absolutely everything I could, and I need 81gb for the old user files. The back up plan was to select the "don't change the home folder" option, but when I went to delete the account, there was no such option. The message simply read:
"The user's home folder will not be saved. To do so, you need 81.1gb of free disk space. Try emptying the trash or deleting other files on your disk, then deleting the user account. If you do not want to save the user's home folder, click delete immediately."
My only two choices were CANCEL or DELETE IMMEDIATELY. There was no "don't change the home folder" option.
So I am not sure how to proceed. Here are some questions:
1) is there a way to save the disk image directly to an external drive instead of the user's folder on the mac hard drive?
2) If I use the "delete immediately" option, will the files go into a "deleted users" folder where they can be recovered or will they just be erased from the computer and unretrievable?
3) Is there a way to use terminal to change access permission on the original user account files so that I can copy them onto an external drive or integrate them with the new user account without having to first delete the original user account?
4) In the absence of deleting the user account, will using either:
sudo chown -R `id -un` /Users/oldusername
and/or
sudo chmod -R u+rw /Users/oldusername
in Terminal allow the new user account permission to access the original user files and merge them seamlessly into my new user account? Or must I delete the original account first?
5) Is there something else I haven't thought of that would work, would be more efficient, or more effective? This wouldn't be the first time I have overthought a solution...
When considering any solutions, please keep in mind that I cannot launch the original user account as that starts the whole endless loading loop. So, while I have the password for the original user account, any solution would appear to require that I work from the new user account only, without launching the old account. Also I am a complete newbie at this. I've used Macs exclusively for 17 years but this is the first time I've had to do anything like this. Up to now, everything has always "just worked". So please be as detailed with any instructions as possible!
Any help greatly appreciated. Thanks!
Mac Mini 2ghz 1g ram running OS 10.4.11

I think ComputerFixer is correct, you should be able to drag and drop it to another drive, no worries. However, if not, you could create an disk image of it using DiskUtility and create it on a new drive. But again, I don't think that is necessary. If you have administrator rights with your new account, can you simply go into the old user account folder and drag and drop the files you want to save? I have done that as well as copy the older user account to another drive (in my case, another computer on the network) and salgage my files from there. Is that an option for you?

We have a long list of disabled/deleted users in AD Somehow, they are still appeared as active user in Sharepoint Online. How do we get rid of those list? Hope you can advice. Thanks.

we have a long list of disabled/deleted users in AD
Somehow, they are still appeared as active user in Sharepoint Online.
How do we get rid of those list?
Hope you can advice. Thanks.

SharePoint does not remove users from SharePoint permissions just because they were deleted/disabled in AD. This is to maintain referential integrity. In fact, when you delete a user from SharePoint, that user remains in the SharePoint content database,
just marked as deleted.
They do not have access to SharePoint given their account is deleted/disabled. But as far as automatically managing this, I'm not aware of a tool. On-prem there is Metalogix ControlPoint which does a great job of this, I haven't explored the O365 options.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Is there a way to delete records from MDM automatically?

Is there a way to delete records from MDM automatically?
I am able to import the data automatically through MDIS, but I have to delete the data first. Itu2019s possible to do it ?

Hi Adam,
Current scenario
USER1: call ME to delete old catalog data
ME: open the MDM & delete it manually
USER1: Transaction to extract new data file
MDIS: load the data to catalog
As per your requirement, you should save map in following way which can solve your purpose. Create a XML file which should consist of new and existing records. So in import Manager, for newly added records you need to set Default Import Action as Create and for existing records you should use or set Default Import Action as Replace and then should save in map.
So using this every-time if new record comes (not available in data manager), it will get created and for existing record (already available in Data Manager) it will replace (which means delete the existing record (old catalog data) and create a new record).
Regards,
Mandeep Saini

Not able to create, deleted user again in OIM

Hi,
As part of our porcess we susped the user on the next day of his/her last working day. And after 20 days we are deleting that user from OIM.
Now the deleted user again re-hire into the organization. So we need to re-create the user in OIM.
But we are unable to create the user in OIM 11g. And it is showing error as "user already exist".
Then we found there is an entry for this user in OIM repository as usr_status as deleted. And also we are not able to see this user in the OIM admin console even there is an entry in repository.
Please help us how to solve this issue in creating the identity in OIM.
Thanks in advance
Siva

If you want to re-create a deleted user with the same user id then you need to set the re-use id property to true and also drop the unique key contraint from the USR table.
Ref: Re: Steps for re-using the same user id of a deleted user in OIM 11g ?
-Bikash

Error while trying to delete user in OIM 11gR1

Hi,
When I try to delete the user from OIM console by clicking on 'Delete User' button, I get the following error:
"The Delete operation failed. Bulk Orchestration not yet implmented" on the cosole.
Kindly help in resolving the issue.
Regards

I have been able to resolve the issue now.
I followed the below steps for the same:
1. In the Welcome page for Oracle Identity Manager Administration, under System Management, click System Configuration.
2. In the left pane, search for system properties.
3. In the search result, select the Period to Delay User Delete property.
4. Edit the property value to 0.
5. Save the property.
After setting the same, I was able to successfully delete the user.
Regards.
Edited by: 963540 on Jun 4, 2013 5:11 AM

Steps for re-using the same user id of a deleted user in OIM 11g ?

Hello experts,
By Default, in OIM 11.1.1.5.0 it is not allowing to re-use the same user id of a deleted user.
Consider a user with user id as "ABCD1234". The user is deleted from OIM and it is not getting displayed in the user search. But in DB we could see that user details with "Deleted" status. Say accidently this hard delete has happened .
How do we create that user again with same user id ?
What is recommended for such scenario ?
Thanks,
DK

I suggest disable the unique index instead of dropping it using ALTER INDEX <INDEX_NAME> DISABLE command.
Better way to handle this do below
1. disable index
2. update usr_login for deleted user using sql query eg. xx|usr_login and commit it ( update usr set usr_login='xx'|| usr_login where upper(usr_status)='DELETED')
3. enable your index
4. now login to OIM and easily you can create user with the previous user login
In this case your Index is still enbaled so it won't hamper the performancem, because this index is being used in various places for user search.
NOTE: disable any other constraints if required. But, I don't think so. Just disabling unique index will allow you to update"
--nayan

I am trying to clean up my iMac hard drive and find a lot of space in 'Deleted Users'...what is this and can I delete that folder?

I am trying to clean up my iMac hard drive and find a lot of space in a folder named 'Deleted Users'...what is this and can I delete it to save space?

If a user account is deleted and the data for that account is not deleted, it is placed there. Yes, you can delete the files there.

Deleted User recovery in SAP R/3

Hi :
By mistakenly I have deleted user from the user list . After some time i came to know that , that user is productive user.
Can any one help me for how to recover the user from deleted list.
Thanks
Chimsi

Hi,
I do not think that will be possible. You can recreate the same user-id though, and he/she shall be able to carry on (get the workflow items, inbox, transport requests and so on, of the earlier user-id).
It maybe possible to search CDHDR and CDPOS tables to get some details of user deletion.
cheers,

How to permanently/manually delete User Account on MAC OS X 10.6.8

Hi There,
Can you please assist with providing instructions on how to manually delete USER accounts on MAC OS X 10.6.8. Everyone but one user (who's account was deleted) can not log into the damain device. As a test I tried to add a new user accout with the same name as before and even though nothing existing in the USERS folder; it states that a duplicate name exists.
How do I delete that duplicate? Where could that be located?
Please let me know,
Sonia

Solution!
Command to locate the hidden User Profile:
dscl . list /users
Command to delete the now found hidden User Profile:
sudo dscl . delete /users/<userID>
Thanks,
SoniaCP

Deleted users are not really "deleted" !

Hello all !
I'm writing an java application to create/read/update/delete users using the GRAPH API. All is going well except one particular use case : If I delete a user, and then later try to create again the same user, I get the following error : "A conflicting
object with one or more of the specified property values is present in the directory"
The detailled use case for one user is :
- Create user with (userPrincipalName, displayName, accountEnabled, mailNickname, password, forceChangePasswordNextLogin properties) : OK
- Query this user to read his properties: OK
- Delete this user : OK
- Query this user to read his properties : the user does not exist : OK
- Create the user with same properties than first step : Not OK ("A conflicting object with one or more of the specified property values is present in the directory")
It should be noted that this error is returned more and more as I repeat these steps.
What is the problem and what can I do ?
Thanks in advance.

I am able to successfully add and remove the same user using the Azure Portal and via code.
Are you sure the user is actually being deleted?
Have you verified if you are able to see the deleted user in the Azure Portal after you delete it?
I used the code within the Graph API Console Application ( AzureADSamples/ConsoleApp-GraphAPI-DotNet
- https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet- "create a new user" region and "Delete User" region). I was able to create the same user and
delete the user multiple times without any errors.
Here is another thing you could verify. Is you application a member of the "User Account Administrator" role? You can utilize the MSOL cmdlets ( Manage Azure AD using Windows PowerShell -https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx )
to add your application to this role (add-msolrolemember -RoleName "User Account Administrator" -RoleMemberType ServicePrincipal -Rolememberobjectid <object GUID for application> )
If your application is under the correct "User Account Administrator" role, it should not have any problems doing this task. I would verify.
If you are still having a problem. You might need to open a support case via the Azure Portal. I hope this resolves your issue.
~ Michael

Deleting users in MDM

Similar Messages

Maybe you are looking for