CA Identity Manager: Deleting accounts from IM that have been removed from their endpoint
Article ID: 93551
Products
CA Identity Manager, CA Identity Governance, CA Identity Portal
Issue/Introduction
If an endpoint administrator deletes user accounts directly on an endpoint, the deletion is not automatically reflected in Identity Manager. This leaves Identity Manager pointing to user accounts that no longer exist. This document discusses the easiest way to remove those accounts.
Identity Manager gains its understanding of an endpoint through explore and correlate (E&C). Without performing an explore, Identity Manager has no knowledge of the current status of an endpoint system. Therefore, when E&Cs are not performed on a regular basis, the information Identity Manager has about an endpoint can be drastically different from the reality of that endpoint. Items such as groups, OUs, user accounts, etc. will become out of sync.
Environment
Release: Component: IDMGR
Resolution
To remove the deleted accounts from Identity Manager, perform a full tree explore of the endpoint. A full tree explore is an explore that is performed on every OU of the endpoint. This explore can be performed with or without a correlate; either way, the end result is the same: the accounts are removed.