We created a test user in AD and he got synced.
After all the tests we have done, we didn't need him anymore.
I deleted the User from AD and from the "Deleted-Users" (AD-hard deleted).
I cannot find him either in AD or with PowerShell.
I deleted them even on the Azure AD Dashboard (hard delete) and with PowerShell (Remove-MsolUser), but after the sync they keep coming back.
How can it be possible to keep syncing a user who doesn't exist anymore?
Does anybody have an idea?
Thanks in advance. :)
You can try to permanently delete a user from your organization without waiting the 30 days for automatic deletion. A permanently deleted user can't be restored by you.
Go to Azure portal -> Users -> select Deleted users -> Delete permanently.
Otherwise, try removing the user from the Recycle Bin with the cmdlet below. It permanently removes a deleted user from the Recycle Bin, even after you sync.
Remove-MsolUser -UserPrincipalName user@Contoso.com -RemoveFromRecycleBin
If it's still licensed, you can remove all the licenses before proceeding.
Remove-MsolUser -UserPrincipalName user@Contoso.com -Force
For more detailed information, please refer to the link below:
https://learn.microsoft.com/en-us/powershell/module/msonline/remove-msoluser?view=azureadps-1.0#example-3--remove-a-user-from-the-recycle-bin
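The two cmdlet calls from the answer above, combined with a verification step, as an added example that is not part of the original answer. It assumes the MSOnline module is installed and `Connect-MsolService` has already been run; the function name `Remove-MsolUserPermanently` and the UPN are hypothetical.

```powershell
# Added example (not the answerer's code). Assumes the MSOnline module is installed
# and Connect-MsolService has already been run. The function name is hypothetical.
function Remove-MsolUserPermanently {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$UserPrincipalName
    )

    # 1. Still an active account? Soft-delete it first; this moves it to the recycle bin.
    $active = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if ($active -and $PSCmdlet.ShouldProcess($UserPrincipalName, 'Soft-delete active user')) {
        Remove-MsolUser -ObjectId $active.ObjectId -Force
    }

    # 2. Purge every recycle-bin entry that carries this UPN, addressed by ObjectId.
    $deleted = @(Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -eq $UserPrincipalName })
    foreach ($user in $deleted) {
        $target = "$($user.UserPrincipalName) [$($user.ObjectId)]"
        if ($PSCmdlet.ShouldProcess($target, 'Remove from recycle bin')) {
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
        }
    }

    # 3. Verify: the UPN should now be absent from both the active and the deleted list.
    $stillActive  = [bool](Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue)
    $stillDeleted = [bool](Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -eq $UserPrincipalName })

    [pscustomobject]@{
        UserPrincipalName      = $UserPrincipalName
        RecycleBinEntriesFound = $deleted.Count
        StillActive            = $stillActive
        StillInRecycleBin      = $stillDeleted
    }
}

# Constructed placeholder UPN; -WhatIf previews the actions without deleting anything.
Remove-MsolUserPermanently -UserPrincipalName 'user@contoso.com' -WhatIf
```

Running the function again after the next sync cycle shows, through `StillActive`, whether the account has reappeared.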
I am trying to delete a free trial of AzureAD but there are two requisites that I am unable to get past. These are:
Delete all licence-based subscriptions
Delete all azure-subscriptions
When you click on the first option this states there are no subscriptions to delete?
If you try the second option and navigate to the trial there is no cancel option as this trial's status is set to disabled?
Anyone know how to proceed so I can get this test AzureAD account gone?
To delete a directory in Azure Active Directory, you need to meet all the checks.
The Azure trial subscription will be canceled automatically after the trial. But you cannot delete the subscription yourself. You will need to wait 90 days before permanently deleting your data in case you need to access it again.
Here is the reply from MicrosoftDocs.
You can't delete an Azure subscription directly. As the article states, all an account admin needs to do is Cancel subscription. Billing stops at that point and all Azure services get disabled, but a final invoice isn't created until the end of the current billing period. 90 days after you cancel the subscription, Azure automatically permanently deletes the subscription and all data.
Reference:
Can not delete subscription
Add an option to delete disabled subscriptions
Microsoft Docs has substantive info on adding users to VSTS via Active Directory, but I'm not finding specific info on what happens when you delete a VSTS user from AD, or what ripple effects take place when you delete them from VSTS itself. MSFT says removing them from AD may make them still appear in VSTS, but they won't be able to log in, yet also says it may take up to 24 hours for a change in AD to show up in VSTS.
When VSTS is linked to AD, does removing a VSTS user from AD ever remove them from VSTS, or does the user always need to be removed from VSTS manually?
Does removing a user directly from within VSTS remove them from any other place in VSTS like "Assigned To" fields, project teams, security groups... anything?
Are users deleted from AAD when they are deleted from VSTS
No, they are not. AAD is the master list and only when a user is deleted from AAD, are they deleted from other applications, not the other way around. That same user may be present in Office 365 and a long list of other applications or may have been assigned one or more azure resources. As such only from AAD can you completely remove a user.
When deleting does the user stay visible
The user will remain visible in Work Items, Changesets, Git Commits, Build history, Release history. These records are kept for historical purposes and auditability and they remain.
The active configuration such as security group access, license assignments etc will be dropped in 24h.
Regarding the second question, the user will be removed from project teams and security groups, but the Assigned To fields won't be changed even though they are assigned to this user.
I'm trying to use WSO2IS with an Active Directory LDS.
Using the store to display and read users is no problem.
However when editing a user, there's a hiccup.
The users are situated in OUs in the AD and in the synced AD LDS.
(We use the AD LDS to add user attributes without changing the original AD.)
When I edit a user it will be moved by the IS to the UserSearchBase.
IS is still able to show the user - for now.
When the AD LDS is synced with the AD, the user will be moved back to its original OU.
The IS will not be able to find the user, because it is still looking for the user in the "new" location in the UserSearchBase root.
Only if I restart the IS, the user will be found again.
I tried to recreate the behaviour by hand:
Create user in an OU situated in the UserSearchBase
Edit the user with IS
Move the user back to its original location in the OU in the AD
IS throws error
Is there a way to tell the IS to leave the user DN/location as is?
Is there a way to disable caching? (Without impact on performance?)
Regards,
Mat
This looks like a known issue with Cache Expiry Bug 6471. Please see if the description matches your exception trace.
A fix for the above is in progress. It will be available in a future release.
You can also build from the public repository once the fix is done, if this is the case.
Workaround
You can edit and save the user store, if his user store is configured with the UI. You do not need to change any value. This will cause a new instance to be created, thus re-creating the cache.
I have some users that have had no problems at all in the past. All of a sudden they can't log in anymore. Nothing has changed in the OUs in Active Directory. All other users can log in, no problem. It's just these two. The only thing I can see is in the 'field_data_ldap_user_current_dn' table their 'ldap_user_current_dn_value' got set to null. I manually set this in the db back to the correct dn, but this didn't help. How can I get these users their access back?
Edit:
Whenever cron gets run these two users get their DNs nullified.
I don't know if there is another solution, but I had to delete the users' accounts and assign their content to anonymous. Then they logged in using LDAP credentials and the accounts were created successfully. Then I just had to assign their content back to them.
I have launched a new WSO2 EMM system on Windows Server 2012. I added a test administrator to try this out, though now I would like to remove the test account. I can remove any user I would like, though I can't seem to remove this admin account.
Any help would be great. Thank you
There are 2 ways you can delete it. You can log in to the system, and under the configuration menu you have the remove link to remove the user. Additionally, you can log in to the admin console using
https://localhost:9443/admin/carbon/admin/index.jsp?loginStatus=true
and there is a section called users and roles. There it lists the users. Remove it from there.