Removing Expired Active Directory accounts from LDAP users

Article ID: 382720


Products

VMware Cloud Director

Issue/Introduction

  • Users created in Active Directory and imported into Cloud Director can have their AD account expired by internal policy or by a third-party integration.
  • Once that happens, the corresponding Cloud Director user account must be removed, and the objects it owns (including catalog items) must be given a new owner.

Environment

VMware Cloud Director 10.3

Cause

  • Some organizations enforce security policies under which Active Directory accounts are forced to expire when certain conditions are not met, for example a user who has not logged in for some time or has not changed their password when prompted.
  • Group Policy or a third-party integration then expires those accounts, and they have to be recreated in both AD and VCD.
  • The original accounts are then considered stranded in Cloud Director: the user object still exists and still owns objects, but the expired AD identity behind it can no longer authenticate.
  • Every Cloud Director account has its own UUID, and two accounts cannot share the same name, so the recreated AD user is a new identity as far as Cloud Director is concerned and the stranded account must be cleaned up rather than reused.


Resolution

  1. You will need the User URN of each expired account in order to take ownership of its objects and then delete it.
  2. To obtain it, open the Provider API Explorer at https://<vcd-fqdn>/api-explorer/provider/ (log in to the Provider Portal as a System Administrator first) and search for 1.0.0/users.
  3. Click the blue GET button for /1.0.0/users and then 'Try It Out' to retrieve the list of users and their URNs.
  4. Make a note of every relevant urn:vcloud:user:UUID. Check the providerType of each entry so that you only act on the LDAP accounts and not on a local or system account of a similar name.
  5. With the user URN and a bearer token for an API session, take ownership of each user's objects. This includes catalog items; confirm that nothing is still owned by the stranded user before moving on.
  6. Finally, delete the user with the DELETE operation on /1.0.0/users/{userUrn} in the API Explorer.
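The same lookup and deletion, scripted, as an added example that is not part of this KB article or of VMware's own tooling. It assumes the JSON shape of the cloudapi /1.0.0/users response (a paged "values" list whose entries carry "id", "username" and "providerType"), the API version 36.0 that ships with Cloud Director 10.3, and the provider login endpoint /cloudapi/1.0.0/sessions/provider returning the bearer token in the X-VMWARE-VCLOUD-ACCESS-TOKEN header. The sample response and the environment variable names (VCD_URL, VCD_USER, VCD_PASSWORD, STRANDED, VCD_DELETE) are constructed for the example. It only resolves URNs and deletes; reassigning ownership (step 5) still has to be done before VCD_DELETE=1 is set.

```python
import base64
import json
import os
import urllib.request
from typing import Dict, Iterable

CLOUDAPI = "/cloudapi/1.0.0"
USER_URN_PREFIX = "urn:vcloud:user:"
API_VERSION = "36.0"  # API version shipped with Cloud Director 10.3 (assumed)

# Constructed sample of one page from GET /cloudapi/1.0.0/users.
# Field names follow the cloudapi user object; the UUIDs are made up.
SAMPLE_USERS_PAGE = {
    "resultTotal": 3, "pageCount": 1, "page": 1, "pageSize": 25,
    "values": [
        {"id": USER_URN_PREFIX + "11111111-1111-4111-8111-111111111111",
         "username": "jsmith", "providerType": "LDAP", "enabled": True},
        {"id": USER_URN_PREFIX + "22222222-2222-4222-8222-222222222222",
         "username": "old.contractor", "providerType": "LDAP", "enabled": False},
        {"id": USER_URN_PREFIX + "33333333-3333-4333-8333-333333333333",
         "username": "administrator", "providerType": "LOCAL", "enabled": True},
    ],
}


def find_user_urns(page: dict, usernames: Iterable[str],
                   provider_type: str = "LDAP") -> Dict[str, str]:
    """Map each requested username to its urn:vcloud:user:<UUID> (steps 3-4).

    Names are matched case-insensitively (AD names are not case-sensitive), and
    only entries whose providerType matches are returned, so a LOCAL account such
    as the built-in administrator is never picked up even if it is on the list.
    """
    wanted = {u.lower() for u in usernames}
    found: Dict[str, str] = {}
    for entry in page.get("values", []):
        name = entry.get("username", "")
        if name.lower() not in wanted or entry.get("providerType") != provider_type:
            continue
        urn = entry.get("id", "")
        if not urn.startswith(USER_URN_PREFIX):
            raise ValueError(f"unexpected id for {name!r}: {urn!r}")
        found[name] = urn
    return found


def _headers(auth: str) -> Dict[str, str]:
    return {"Accept": f"application/json;version={API_VERSION}", "Authorization": auth}


def delete_user_request(base_url: str, urn: str, token: str) -> urllib.request.Request:
    """Build DELETE /cloudapi/1.0.0/users/{userUrn} (step 6) without sending it."""
    if not urn.startswith(USER_URN_PREFIX):
        raise ValueError(f"refusing to delete non-user URN {urn!r}")
    return urllib.request.Request(f"{base_url.rstrip('/')}{CLOUDAPI}/users/{urn}",
                                  method="DELETE", headers=_headers(f"Bearer {token}"))


def provider_login(base_url: str, username: str, password: str) -> str:
    """Get a bearer token: POST sessions/provider with Basic credentials (user@System)."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(f"{base_url.rstrip('/')}{CLOUDAPI}/sessions/provider",
                                 method="POST", headers=_headers(f"Basic {creds}"))
    with urllib.request.urlopen(req) as resp:
        return resp.headers["X-VMWARE-VCLOUD-ACCESS-TOKEN"]


def fetch_users_page(base_url: str, token: str, page: int = 1) -> dict:
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}{CLOUDAPI}/users?page={page}&pageSize=100",
        headers=_headers(f"Bearer {token}"))
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Live run; dry-run by default so ownership can be reassigned first (step 5).
    base = os.environ["VCD_URL"]                      # e.g. https://vcd.example.com
    token = provider_login(base, os.environ["VCD_USER"], os.environ["VCD_PASSWORD"])
    stranded = [n.strip() for n in os.environ["STRANDED"].split(",") if n.strip()]
    urns = find_user_urns(fetch_users_page(base, token), stranded)
    for name, urn in urns.items():
        req = delete_user_request(base, urn, token)
        if os.environ.get("VCD_DELETE") == "1":
            with urllib.request.urlopen(req) as resp:
                print(f"deleted {name} ({urn}): HTTP {resp.status}")
        else:
            print(f"would DELETE {req.full_url}")
```

Run it once without VCD_DELETE to see exactly which URNs will be removed, reassign their objects, then run again with VCD_DELETE=1. Only one page of users is fetched here; if resultTotal exceeds pageSize, loop over page=2.. using pageCount from the response.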