When attempting to remove a provisioning role from a user who has an Active Directory account and an ExchangeActiveSyncDevices object, leads to a failure of deletion on the Active Directory side.

1. Install the Exchange Schema Extensions or use AD with Exchange.
2. Create a AD user(ex: CN=TestUser) by using a provisioning role(AD with Exchange).
3. Launch ADSI Edit on AD machine.
4. Locate the user object(s) you wish to add them to.
5. Right-Click the User Object (CN=TestUser) in ADSIEdit -> New -> Object
6. Select the desired object type(there would be a couple of object types. can choose any one of them)
7. Fill out the fields respectively.
8. Now, Attempt to remove a provisioning role from the user(CN=TestUser) (deletes user on the endpoint).

Component : SYMANTEC IDENTITY SUITE (VIRTUAL APPLIANCE)
Component : SYMANTEC IDENTITY MANAGER(IDENTITY MANAGER)
Release : 14.4.1CHF2 /14.4.2

This is a known defect against 14.4.1CHF2 /14.4.2

Open a support case and request HF-DE549178-14.4.2 for 14.4.2 or HF-DE549178 for 14.4.1CHF2