Users who are no longer in Active Directory remain in Encryption Management Server. This makes the Internal User count inaccurate. If Encryption Management Server uses LDAP Synchronization with Active Directory, the Groups log on the Reporting / Logs page of the Encryption Management Server administration console also contains warnings about users who cannot be found.
The Groups log contains warnings like this:
WARN pgp/groupd[2761]: LDAP-00000: failed to map consumer "Example User" (756056ec-7906-4560-bb08-d839c71db118) to a directory
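As an added example that is not part of the original article or of the product, the following Python lists each distinct user named in these warnings together with how often it was reported. It assumes the Groups log text is available as a string and that every warning follows the format shown above; the function name, the sample lines other than the first, and the second UUID are constructed.

```python
import re
from collections import OrderedDict

# Matches the warning format shown in this article. Anything before "WARN"
# (for example a timestamp in an exported log) is ignored because search() is used.
UNMAPPED = re.compile(
    r'WARN\s+pgp/groupd\[\d+\]:\s+LDAP-00000:\s+failed to map consumer\s+'
    r'"(?P<name>[^"]*)"\s+\((?P<uuid>[0-9a-fA-F-]{36})\)\s+to a directory'
)


def unmapped_consumers(log_text):
    """Return one record per consumer UUID: display name and warning count."""
    found = OrderedDict()
    for line in log_text.splitlines():
        m = UNMAPPED.search(line)
        if not m:
            continue  # not a "failed to map consumer" warning
        uuid = m.group("uuid").lower()  # the same user may be logged in either case
        rec = found.setdefault(uuid, {"uuid": uuid, "name": "", "count": 0})
        rec["name"] = m.group("name")  # keep the most recent display name
        rec["count"] += 1
    return list(found.values())


# Constructed sample: the first line is the article's example, the rest are made up.
SAMPLE_LOG = '''\
WARN pgp/groupd[2761]: LDAP-00000: failed to map consumer "Example User" (756056ec-7906-4560-bb08-d839c71db118) to a directory
INFO pgp/groupd[2761]: constructed unrelated line
WARN pgp/groupd[2761]: LDAP-00000: failed to map consumer "Second User" (00000000-0000-4000-8000-000000000001) to a directory
WARN pgp/groupd[2803]: LDAP-00000: failed to map consumer "Example User" (756056EC-7906-4560-BB08-D839C71DB118) to a directory
'''

if __name__ == "__main__":
    for rec in unmapped_consumers(SAMPLE_LOG):
        print(f'{rec["uuid"]}  {rec["count"]:>3}  {rec["name"]}')
```

The resulting list is a set of accounts to check against Active Directory, not a deletion list.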
Symantec Encryption Management Server 10.5 and above.
This is by design. Users are not deleted for two main reasons:
Reasons why you may wish to delete user accounts from Encryption Management Server include the following:
If you wish to remove users from the PGP Encryption Server systematically, please reach out to Symantec Encryption Support for further guidance.
ISFR-2455
EPG-23205