Trying to delete a non-existent AD/LDAP account from PAM and getting the error "error deleting user. Users provisioned from LDAP may not be deleted directly, only by deleting their LDAP group."
User belongs to OU=terminated accts, OU=Users, which isn't browsable in the PAM LDAP tool, but we do have LDAP group OU=users, which I refreshed but am still unable to remove.
Is there any way to manually remove the user from the DB?
Release : 3.x 4.x
Component : PRIVILEGED ACCESS MANAGEMENT
We expect this was due to the timing or sequence of events: the user was first moved within the OU organization, then deleted from the group, and finally deleted from AD completely, together with when the LDAP sync was running.
Issues like this one should be rare, but if this occurs, a ticket should be opened with Broadcom Support to allow a Support Engineer access to the database through SSH to manually clean up prior to running the userSync patch process.