Purge Deleted Users

Similar Messages

• CUA- Deleting user IDs from Child systems

  Is there a possibility of configuring CUA in such a way that user IDs can be created and access can be updated from CUA but deleting user IDs should be taking place only in the child system (Not in all the child systems)?

  Generally good advice to keep the uniqueness of UIDs over time, also after Elvis has left the building
  What you could consider is a CUA RFC user which is not authorized to delete UID's and schedule a purge job for those IDOCs which deleted only them.
  However these sorts of "workaround" solutions are not the best advise, to be honest. What happens it someone temporarily assigns SAP_ALL because there is a big problem and authorizations should be excluded as the cause to get it working again?
  Also, every time a new child system is added to the CUA you will be flooded.
  My advice: Rather change your procedure (as discribed by Jurgen).
  What would be interesting to test is whether you are authorized to move a user (change the authorization relevevant group which they currently have) to a group which the CUA user is no long able to subsequently administrate? But theen you will still be hunting down IDOCs from time to time, most likely.
  If your shop is big enough to have these systems you have described, then you might want to consider an IdM system to replace your CUA at some time.
  If you wish, I will move this thread to the IdM forum.
  Cheers,
  Julius
  ps: Please do not cross-post.

• Problem deleting users with delegated admin

  Hello,
  I seem to be having a problem deleting users with delegated administrator. I am using JES 2005Q4.
  Here is what I do:
  I set Inetuserstatus and mailuserstatus to deleted. Then run msuserpurge to delete the mail box. This seems to be working fine. Then I do a commadmin domain purge and it will actually delete the persons ldap record, but it does not delete the o=pab records or the o=PIserverDB records.
  I am probably missing a step here, and would apprecidate it somebody could point me in the right direction.
  Thanks,
  Gary

  DA patches:
  119777-10 most current release for Solaris
  119778 for X86
  119779 for Linux
  118540-23 Communication Express Solaris Sparc
  118541 X86
  118542 Linux
  118207-42 Messaging core Solaris sparc
  118208 X86
  118209 Linux
  116574-02 Veritas Vcsha (sparc only)
  118242-03 and 118245-03 Dssetup sparc
  118243 and 118246 X86
  118247 Linux
  122018-02 Outlook Connector
  (all the currently released patches. Most have t-patches available from tech support post the above numbers)

• Deleting users in iMS 52

  When users are deleted from iMS 52, they are not deleted in ldap directory.
  How to delete the user completely?
  Have tried to delete with imadmin, followed by user purge it shows no users to purge and stiil user remains in ldap.

  If you want to change the default for all the users, change the value of the parameter "idadefaultvalue" . By default it will be 10.
  You may change this using an ldapmodify or from the console.
  dn: cn=option_g,cn=servlet1,cn=purge,cn=user,cn=climapconf,cn=en,cn=domainConfiguration,ou=config,o=isp
  changetype: modify
  replace: idadefaultvalue
  idadefaultvalue: <value you want>
  similarly change for the below dn in the same way.
  dn: cn=option_g,cn=servlet2,cn=purge,cn=user,cn=climapconf,cn=en,cn=domainConfiguration,ou=config,o=isp
  Else you can browse through the console, and select the properties of these two servlet objects and change the value from there.
  P.N.-- Do an "imsimta dirsync -F" once you made the changes.

• Deleted users cause conflicts with new users

  If I delete a user in WGM and renove their home folder from the sharepoint, I get a conflict error if I try to create a brand new user with the same name (shortname) as the deleted user/s. I'm not using the Mail service at all in OS X Server.
  Where else do I search for user records to purge?
  thanks

  1. Go to WGM > WGM Menu > Preferences > turn on 'Show all records tab and inspector"
  2. Click on the 'target' symblol tab that appears next to the users/groups/computers tab in teh laft-hand, lower pane.
  3. Select Users from the pulldown menu under the tabs
  Is the shortname you deleted listed here? If so delete from here, then re-add.
  hth,
  b.

• Deleted Users & Domains?

  Hello,
  Is there an option or a command that would allow me to view the DELETED users and/or Domains in iMS5.2 before I purge?
  Thanks

  You can certainly use ldapsearch, and look for the attribute "deleted" in the status object class.

• Snow Leopard Server - Can't delete users in WGM?

  Hi!
  I have 2 Mac OS X Server 10.6.4 machines. One is an OD-master and the other is a replica. Since last week I haven't been able to delete user accounts in WGM. It doesn't give me any error and at first glance it looks like the account is deleted, but the account pops up again when searching for that user i WGM.
  I also noticed that Server Admin freezes and need a force quit when I click the "Settings" tab for det OD-service.
  I suspect the two problems are related somehow, but I can't figure out how to fix them. I've read through a couple of forum posts here but couldn't find anyone with a similar question/problem.
  Changing passwords and other settings work fine on user accounts. The syncing between OD master and Replica also works.
  The problem is identical on both machines. Deleting accounts doesn't work and Server Admin crashes when checking the "settings" tab on the OD-service.
  Has anyone got a clue what I should do och look for?

  I managed to solve the problem a couple of days ago. This is what I did.
  At first I thought Server Admin crashed when choosing the OD-service, but I was mistaken. It didn't crash, just stalled for a long time (up to 20 minutes as soon as I clicked on something in the OD-service).
  My main concern was that my latest OD-backup was a month old and I really wanted a fresh archive before I tried to rebuild the OD-master. So if you already have a working archive you can skip the next part.
  Another problem was that the archive-feature did not work at all on any of my two servers.. I could reach the archive-function (with 20 minutes delay on each click) but it resulted in no archive and didn't give me any errors, so I'm glad I checked to see that an archive was actually made. So I promoted my replica to an OD-master and after that Server Admin didn't freeze for 20 minutes any more in the OD-service and the archive function worked again. So I did a fresh archive.
  Now that I had a fresh OD-archive I demoted the (original) OD-master to a Standalone server. Then made it an OD-master again and imported the OD-archive I made from the replica. Everything worked fine and I could delete users again and Server Admin didn't freeze any more. I hooked up the replica to the OD-master and since then I've had no problem. I hope this helps someone else with the same/similar problem.

• Cannot remove deleted user from people picker - SharePoint Foundation 2010

  So I think I've read all the people picker articles here and I can't find a solution so I thought I'd start a new thread. Here is the issue:
  A user was deleted from Active Directory and removed from SharePoint Foundation 2010. The user was still showing in the People Picker within the site collection, so we have performed a few things to try and get rid of this user.
  User is deleted from AD
  User is deleted from SharePoint Site Collection
  Have tried stsadm -o deleteuser
  Have removed all mention of this user from UserInfo table
  User does NOT show in
  https://<SiteCollectionURL/_layouts/people.aspx?MembershipGroupId=0
  Cannot find any mention of this user anywhere.
  Ran a full crawl as we read on a forum somewhere that it might help.
  If I try and add the user back to SharePoint I get "The user does not exist or is not unique"
  If I try "stsadm -o deleteuser -userlogin DOMAIN\USER -url https://<sitecollectionurl>" I get "The user does not exist or is not unique"
  I am not sure what else I can try now. Can anyone help?
  Thanks,
  Vinny
  Vinny

  No other domain trusts that this user could be in.
  Just so everyone can stop with the warnings, we do NOT regularly delete users from the UserInfo table and fully are aware of the problems behind it, which is why it is so rarely done. But at times, you have to do what you have to do to help a customer, you
  know? This one user is the only one that was removed from the UserInfo table, but there are a few other users that are also deleted (from SharePoint, not manually from UserInfo) that are still showing as well. This one user included.
  There MUST be another place that the people picker gets it's information from. ALL of the user's old information still shows in the people picker (username, email address, display name), and yet none of that information exists anywhere other than in the
  People Picker. Mailbox is gone from Exchange, User deleted from SharePoint, User deleted from Active Directory. Is there no cache someone could point me towards that People Picker might store information in.
  Vinny

• Cannot delete users from Catalog Manager

  We're trying to delete users who no longer have access to OBIEE from the Catalog Manager. When we try we get an error saying access denied for user to path /users/[userid]... I know we can go out to the file system and manually delete the folder but we would like to use the Catalog Manager for this so that we can delegate this to our security staff.
  Is a configuration setting wrong somewhere? It fails with users who have been granted admin rights as well as for the administrator id.
  Security is configured with Hyperion Shared Services via an initialization block This is working fine. When we add a user to a group in Shared Services, the user catalog is created when the user logs in. We just can't get rid of it after removing the user from the Shared Services group.
  We are running everything except the Admin Tool on AIX.
  Thanks.
  Jerry

  I'm not sure I understand.
  My system is configured to use Hyperion Shared Services for authentication. We do not create users in OBIEE. We create groups in OBIEE and assign them privileges. We then create the same groups in Shared Services. We add users to the appropriate group in Shared Services. When the user logs in, their user folder is created. When we need to remove a user's access, we take them out of the Shared Services group. We then want to delete their user folder in the catalog. We log in as an admin (we even tried this with the Administrator account), but we get the error.
  Is there any way to delete users via OBI Presentation Services > Administration > Manage Catalog?
  Thanks.
  Jerry

• Cannot delete users from the Central Management Console

  I cannot delete users from the Central Management Console.  I'm logged in to Enterprise as administrator but still get the following error:
  There was an error while writing data back to the server: Sorry, you do not have the right to 'Delete objects' (id - 22) for 'koberg' (id - 725415). Please contact your system or permissions administrator if you require this right.
  Thanks in advance for any help on this matter.

  Oops, my mistake, sorry. Ok, so the Administrator cannot delete user koberg.
  Check top level:
  Logon to CMC, browse to Home > Settings and select the Rights tab. These are your top level settings. Factory default will show only Administrators and Everyone. Select the Net Access "Advanced" for the Administrators group. NB: Do not select these group names links - they will jump you out of the top level! On the Advanced rights page, ensure the right to "Delete objects" is explicitly granted.
  Then set for the Users top level folder:
  In the CMC, browse to Home, and select Users. Select the "Rights" button. Again - NB: Do not select these group names links - they will jump you out of the Users top level folder! Set the Administrators group to "Full Control". Save.
  That should be all you need. However, there is a possibility the previous admin was busy setting security not only at the account level, but on groups so we need to verify the user:
  In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the Rights tab. If the Administrators is not set to (Inherited Rights), make it so, and when you select the "Update" button, you should see the Net Access update to "Full Control". If this is the case, you should follow these steps on each account and accomplish this.
  And if you still can't delete it, verify the groups:
  In the CMC, browse to Home, and select Users. In the User list, select koberg. In the koberg account page, select the "Member of" tab. Note all groups koberg is a member of. Then in the CMC, browse to Home, and select Groups. Select the name hyperlink for the group(s) that koberg belongs to. On the group page, select the Rights tab, and ensure the Administrators have (Inherited Rights) - Full Control on all of these, also. If not, set it.
  Finally, I know you inherited this, but let's overview some basics of simplifying your deployment administration. Follow these guidelines, and your administration life will be so much easier.
  1. The Everyone group should never have any subgroups. Ever. All accounts on the system are a member of the Everyone group. Adding subgroups to the Everyone group is redundant.
  2. For simplicity's sake, Application level access should be set on the Adminstrators Group, and the Everyone group. I know there are customers who add groups to application rights. I don't understand why users would have an account on the system if they are not allowed access to InfoView, but it's your system.
  3. From a report object perspective, the Everyone group should be set at the top level to "No Access". This will result in them having no rights on anything at all. You break this inheritance at the application level to give them access to InfoView and other apps. On folders and objects, you ADD groups, then assign (ADD) rights as desired.
  4. If you can help it, never explicitly deny a right to any user or group for any object or application. Explicitly deny overrides any other setting. If a user belongs to group A and group B, and group A is explicitly denied a right, you can explicitly grant it for group B or the user all day long, and it will still be denied. Always try to put yourself in the position of adding groups/users, and adding rights, then inheriting as far down the folder tree as you can.

• Not Enough Hard Drive Space on my Mac Mini to Save Deleted User Account Folder: What to do?

  I am no longer able to access my original user account on my mac mini because the account is corrupted and won't load. Thanks to the helpful advice I found on the internet, I was able to create a new user account and resume using my mac, but all of my old files are trapped in the old user account.
  The plan was to delete the old user account, create a disk image of the old account folders, and then migrate those folders to the new user account. Unfortunately, I don't have enough disc space left on my Mac to do that. I have just under 11gb left after deleting absolutely everything I could, and I need 81gb for the old user files. The back up plan was to select the "don't change the home folder" option, but when I went to delete the account, there was no such option. The message simply read:
  "The user's home folder will not be saved. To do so, you need 81.1gb of free disk space. Try emptying the trash or deleting other files on your disk, then deleting the user account. If you do not want to save the user's home folder, click delete immediately."
  My only two choices were CANCEL or DELETE IMMEDIATELY. There was no "don't change the home folder" option.
  So I am not sure how to proceed. Here are some questions:
  1) is there a way to save the disk image directly to an external drive instead of the user's folder on the mac hard drive?
  2) If I use the "delete immediately" option, will the files go into a "deleted users" folder where they can be recovered or will they just be erased from the computer and unretrievable?
  3) Is there a way to use terminal to change access permission on the original user account files so that I can copy them onto an external drive or integrate them with the new user account without having to first delete the original user account?
  4) In the absence of deleting the user account, will using either:
  sudo chown -R `id -un` /Users/oldusername
  and/or
  sudo chmod -R u+rw /Users/oldusername
  in Terminal allow the new user account permission to access the original user files and merge them seamlessly into my new user account? Or must I delete the original account first?
  5) Is there something else I haven't thought of that would work, would be more efficient, or more effective? This wouldn't be the first time I have overthought a solution...
  When considering any solutions, please keep in mind that I cannot launch the original user account as that starts the whole endless loading loop. So, while I have the password for the original user account, any solution would appear to require that I work from the new user account only, without launching the old account.  Also I am a complete newbie at this. I've used Macs exclusively for 17 years but this is the first time I've had to do anything like this. Up to now, everything has always "just worked".  So please be as detailed with any instructions as possible!
  Any help greatly appreciated.  Thanks!
  Mac Mini 2ghz 1g ram running OS 10.4.11

  I think ComputerFixer is correct, you should be able to drag and drop it to another drive, no worries. However, if not, you could create an disk image of it using DiskUtility and create it on a new drive. But again, I don't think that is necessary. If you have administrator rights with your new account, can you simply go into the old user account folder and drag and drop the files you want to save? I have done that as well as copy the older user account to another drive (in my case, another computer on the network) and salgage my files from there. Is that an option for you?

• We have a long list of disabled/deleted users in AD Somehow, they are still appeared as active user in Sharepoint Online. How do we get rid of those list? Hope you can advice. Thanks.

  we have a long list of disabled/deleted users in AD
  Somehow, they are still appeared as active user in Sharepoint Online.
  How do we get rid of those list?
  Hope you can advice. Thanks.

  SharePoint does not remove users from SharePoint permissions just because they were deleted/disabled in AD. This is to maintain referential integrity. In fact, when you delete a user from SharePoint, that user remains in the SharePoint content database,
  just marked as deleted.
  They do not have access to SharePoint given their account is deleted/disabled. But as far as automatically managing this, I'm not aware of a tool. On-prem there is Metalogix ControlPoint which does a great job of this, I haven't explored the O365 options.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Not able to create, deleted user again in OIM

  Hi,
  As part of our porcess we susped the user on the next day of his/her last working day. And after 20 days we are deleting that user from OIM.
  Now the deleted user again re-hire into the organization. So we need to re-create the user in OIM.
  But we are unable to create the user in OIM 11g. And it is showing error as "user already exist".
  Then we found there is an entry for this user in OIM repository as usr_status as deleted. And also we are not able to see this user in the OIM admin console even there is an entry in repository.
  Please help us how to solve this issue in creating the identity in OIM.
  Thanks in advance
  Siva

  If you want to re-create a deleted user with the same user id then you need to set the re-use id property to true and also drop the unique key contraint from the USR table.
  Ref: Re: Steps for re-using the same user id of a deleted user in OIM 11g ?
  -Bikash

• Error while trying to delete user in OIM 11gR1

  Hi,
  When I try to delete the user from OIM console by clicking on 'Delete User' button, I get the following error:
  "The Delete operation failed. Bulk Orchestration not yet implmented" on the cosole.
  Kindly help in resolving the issue.
  Regards

  I have been able to resolve the issue now.
  I followed the below steps for the same:
  1. In the Welcome page for Oracle Identity Manager Administration, under System Management, click System Configuration.
  2. In the left pane, search for system properties.
  3. In the search result, select the Period to Delay User Delete property.
  4. Edit the property value to 0.
  5. Save the property.
  After setting the same, I was able to successfully delete the user.
  Regards.
  Edited by: 963540 on Jun 4, 2013 5:11 AM

• Steps for re-using the same user id of a deleted user in OIM 11g ?

  Hello experts,
  By Default, in OIM 11.1.1.5.0 it is not allowing to re-use the same user id of a deleted user.
  Consider a user with user id as "ABCD1234". The user is deleted from OIM and it is not getting displayed in the user search. But in DB we could see that user details with "Deleted" status. Say accidently this hard delete has happened .
  How do we create that user again with same user id ?
  What is recommended for such scenario ?
  Thanks,
  DK

  I suggest disable the unique index instead of dropping it using ALTER INDEX <INDEX_NAME> DISABLE command.
  Better way to handle this do below
  1. disable index
  2. update usr_login for deleted user using sql query eg. xx|usr_login and commit it ( update usr set usr_login='xx'|| usr_login where upper(usr_status)='DELETED')
  3. enable your index
  4. now login to OIM and easily you can create user with the previous user login
  In this case your Index is still enbaled so it won't hamper the performancem, because this index is being used in various places for user search.
  NOTE: disable any other constraints if required. But, I don't think so. Just disabling unique index will allow you to update"
  --nayan