1169-WinMagic Active Directory service does not move deleted AD user into Recycling bin



Background Information

The majority of our clients configure the AD Sync service to run under a limited AD user account.

This account is able to pull all new OUs and new AD users.

But when a user is deleted from Active Directory, our AD Sync service does not detect the deletion, with the result that those users remain active in their respective Folders (the equivalent of AD OUs).

This happens even though the option to move deleted AD users is selected in the AD Sync service.


How we work with ADsync

When Active Directory deletes a user, it keeps the object as a tombstone in the Deleted Objects container.

The deleted user is also marked with the isDeleted attribute.

Our WinMagic Active Directory Sync relies on being able to detect these deleted users.

We can use Microsoft's LDP.exe to verify which user can see deleted objects.

Reference material below:

https://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

Using the Microsoft ldp.exe utility, make a connection as:

1) The account that performs the AD connection to display the OUs (the limited account)

2) A full domain admin

Then compare the end results. If the limited account is not able to see deleted objects but the full domain admin can, the issue is tied to the permissions assigned to the limited AD account, which prevent it from viewing deleted objects.

We can ask the domain admin to assign additional rights (reference material below):

https://support.microsoft.com/en-us/kb/892806
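The same comparison can be scripted instead of clicking through ldp.exe. The script below is an added example, not WinMagic's code; it assumes a domain-joined machine with the RSAT ActiveDirectory module, and the credentials prompted for are placeholders for the AD Sync service account and a Domain Admin.

```powershell
# Added example (not part of the WinMagic article): compare how many deleted user
# objects the limited AD Sync account and a Domain Admin can each see in the
# Deleted Objects container. Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-VisibleDeletedUsers {
    param([Parameter(Mandatory)] [pscredential] $Credential)

    # DN of CN=Deleted Objects,<domain DN>; read once under the current session.
    $deletedContainer = (Get-ADDomain).DeletedObjectsContainer

    try {
        # -IncludeDeletedObjects sends the LDAP "show deleted objects" control,
        # which is what ldp.exe's "Return deleted objects" option does.
        Get-ADObject -Credential $Credential `
            -SearchBase $deletedContainer -SearchScope OneLevel `
            -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
            -IncludeDeletedObjects -Properties isDeleted, whenChanged `
            -ErrorAction Stop |
            Select-Object Name, DistinguishedName, whenChanged
    } catch {
        # A permissions problem usually surfaces here as an access-denied or an
        # empty result rather than a clear error; report it and return nothing.
        Write-Warning "Query as $($Credential.UserName) failed: $($_.Exception.Message)"
        @()
    }
}

# Placeholders: the account the AD Sync service runs as, and a Domain Admin.
$limited = Get-Credential -Message 'AD Sync service account (limited)'
$admin   = Get-Credential -Message 'Domain Admin account for comparison'

$seenByLimited = @(Get-VisibleDeletedUsers -Credential $limited)
$seenByAdmin   = @(Get-VisibleDeletedUsers -Credential $admin)

"Deleted users visible to limited account: $($seenByLimited.Count)"
"Deleted users visible to Domain Admin:    $($seenByAdmin.Count)"

if ($seenByAdmin.Count -gt 0 -and $seenByLimited.Count -eq 0) {
    Write-Warning 'The sync account cannot read the Deleted Objects container;' +
                  ' it needs the additional rights described in KB 892806.'
}
```

If both accounts return zero, the container is simply empty (or past the tombstone lifetime), so delete a test user first and re-run.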


Custom Fields

  • Version: Affects all versions of SD