Deleting user for provisioning servers with synch accounts to delete child accounts
search cancel

Deleting user for provisioning servers with synch accounts to delete child accounts

book

Article ID: 205396

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We have an Identity Suite Installed and configured.

We have Users in the Provisioning Store. I wanted to clean entire user data from provisioning

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Delete Control Statement
Use the DELETE control statement to delete an existing object or inclusion. The basic syntax is.

etautil [-d domain][-u user [-p password]] [-n] delete
  base dn class name=keyname
If the object to be deleted is an inclusion object, the syntax is:

etautil [-d domain] [-user [-p password]] [-n]  delete
  base dn class name=keyname 
  in parent base dn parent class
  name=keyname [relationship=rel]
Deleting Global Users and their Relationships
Use the DELETE control statement to delete a global user and its relationships. You can use this statement to delete a specific global user and all of its inclusion objects, such as an inclusion object that makes the global user a member of a global user group. The syntax is

etautil [-d domain] [-u user [-p password]] [-n] delete
  base_DN_of_global_user_container 
  eTGlobalUser globalusername=user name

Sample Command
etautil ... delete 
  'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' 
  eTGlobalUser GlobalUserName=jonje101 

 

Note: To delete a global user, its relationships, and all its accounts, use the UPDATE control statement, as described in Deleting Global Users, their Relationships, and their Accounts.

Deleting Global Users, Their Relationships, and Their Accounts
Use the UPDATE control statement to delete a global user, its relationships, and all associated accounts. This control statement performs the same actions as the DELETE control statement, and, in addition, deletes all of the global user's accounts on each endpoint and in the Provisioning repository. 

For example, suppose a global user has an account named account1 on the endpoint named MYNTMACHINE, a Windows NT server. If you use the UPDATE control statement to delete the global user, then account1 is removed from the Provisioning Directory and the computer when you execute the command. However, if you use the DELETE control statement to delete the global user, then account1 remains on the endpoint and the Windows NT server, even though the associated global user was deleted.

To delete a global user, its relationships, and all associated accounts, use the following syntax:

etautil [-n] [-d domain] 
  [-u user [-p password]]  
  update
  base_DN_of_global_user_container
  eTGlobalUser globalusername=user_name 
  to DeleteUserAndAccounts=1 

Sample Command
etautil ... update 
  'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects'
  eTGlobalUser  GlobalUserName=user01  to  DeleteUserAndAccounts=1

 

 

Powered by Wolken Software