
CAPAM won't remove previous Admin Accounts PAM-CMN-1583


Article ID: 216125


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

CAPAM is connected to AD. All users are registered in CAPAM through Security Groups that were added to their accounts after the groups were imported from AD.

Some of the Admin Accounts whose membership has already been removed are still retained in CAPAM.

Environment

Release : 1.0

Component : PRIVILEGED ACCESS MANAGER CREDENTIAL MANAGEMENT

Cause

The Admin Accounts are part of Breakglass Approvers.

Resolution

The Session Logs contain the following entry: "PAM-CMN-1583: 0 users deleted, 1 users not deleted for lack of privilege, 0 users not found, 0 LDAP users not deleted, 0 login contact users not deleted, 0 unknown user delete errors",0, --,,0"

The admin accounts are part of Breakglass Approvers. Removing these accounts from the list of Breakglass Approvers helps in deleting them from CA PAM.
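To find other deletion runs that left accounts behind, the following added example (not Broadcom's code) parses PAM-CMN-1583 messages and reports every non-zero counter other than "users deleted". It assumes the Session Logs have been exported as text with one message per line in the shape quoted above; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# One counter looks like "1 users not deleted for lack of privilege".
COUNTER = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")

def parse_pam_cmn_1583(line):
    """Return {category: count} for a PAM-CMN-1583 line, or None if absent."""
    _, sep, rest = line.partition("PAM-CMN-1583:")
    if not sep:
        return None
    body = rest.split('"', 1)[0]  # the counter list ends at the closing quote
    counts = {}
    for part in body.split(","):
        m = COUNTER.match(part)
        if m:
            counts[m.group(2)] = int(m.group(1))
    return counts

def undeleted(lines):
    """List (line_no, {category: count}) for runs that left users behind."""
    findings = []
    for no, line in enumerate(lines, 1):
        counts = parse_pam_cmn_1583(line)
        if not counts:
            continue
        left = {k: v for k, v in counts.items()
                if k != "users deleted" and v > 0}
        if left:
            findings.append((no, left))
    return findings

# Line 1 is the entry quoted in this article; lines 2 and 3 are constructed.
SAMPLE_LOG = [
    '"PAM-CMN-1583: 0 users deleted, 1 users not deleted for lack of privilege, '
    '0 users not found, 0 LDAP users not deleted, 0 login contact users not '
    'deleted, 0 unknown user delete errors",0, --,,0"',
    '"PAM-CMN-1583: 2 users deleted, 0 users not deleted for lack of privilege, '
    '0 users not found, 0 LDAP users not deleted, 0 login contact users not '
    'deleted, 0 unknown user delete errors",0, --,,0"',
    'constructed unrelated session log line',
]

if __name__ == "__main__":
    for line_no, left in undeleted(SAMPLE_LOG):
        print(f"line {line_no}: accounts retained -> {left}")
```

A non-zero "users not deleted for lack of privilege" counter is the case described in this article, so the retained accounts should be checked against the Breakglass Approvers list.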