Unable to remove NSX Identity Firewall AD entry as domain sync is in-progress

Article ID: 378119

Products

VMware vDefend Firewall

Issue/Introduction

  • You are using NSX and want to remove Identity Firewall AD entries.
  • The "Delete" option for the AD entry is greyed.
  • The Synchronization Status for the AD entry shows failed with an LDAP error, even though the LDAP server entry itself reports as up and connected without issue.
  • Hovering over the delete button the reason is as follows: "Operation is not allowed while domain sync is in-progress".
  • Attempting a sync delta or sync all has no impact.
  • The API call /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/sync-stats shows "SYNC-STATUS-FAILED" and "Cannot connect to any LDAP server in domain abcxyc.domain.com".

Environment

NSX-T 3.X or NSX 4.X

Resolution

To remove the entry, use the following API calls:

  1. Get the identity store ID from the GET API call:
    1. GET https://{nsx-manager-ip}/policy/api/v1/infra/firewall-identity-stores/
  2. Use the DELETE API call to delete the identity store that cannot be deleted via the UI:
    1. DELETE https://{nsx-manager-ip}/policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}

Once completed, refresh the UI to confirm removal of the AD entry.

An alternative option is to attempt to stop the sync first, using the following POST API call:

POST https://{nsx-manager-ip}/policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}?action=STOP_SYNC

Afterwards, check whether the UI now allows deletion of the AD entry. If not, complete the DELETE API call above.