MSG LDAP import profile is not removing users that are no longer in the Active Directory (AD)

This discussion has a more recent version.
Customer_CareCustomer_Care Posts: 548
in Other Business Security Products

Issue:

The user repository in the MSG-appliance contains a large amount of users that have been imported from Active Directory, but are no longer part of it. Can the MSG-appliance automatically remove users from its user repository as they are removed from Active Directory?

Resolution:

The import profile can be set to remove user profiles that are not present in the imported data:

  1. Log in to the MSG Web UI
  2. Select the System-tab at the top of the page
  3. Navigate to User Management->Import/Auth Profiles using the left-hand menu
  4. Click on the Ldap import profile you want to modify
  5. From the window that appears, click on Advanced in the top right corner
  6. Under Import Settings, set Remove User Profiles Not Imported to On
  7. If you have multiple import profiles, set Add to Group/Sub-org With Profile Name () to On and set Type to the preferred option, between Group and Sub-Org. This is to prevent an import profile to remove users belonging to another profile
  8. Click Save Changes
Next time the import profile is run, any user that isn't present in the AD will be removed from the MSG user repository. This will be either when the next ldap import is scheduled, or when the task is run manually (by marking the import profile on the User Management->Import/Auth Profiles-page using the left-hand side checkbox and clicking Import)

Article no: 000018910

Like
Sign In or Register to comment.