Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Inactive LDAP user accounts

Inactive LDAP user accounts

Detect that an existing, current, user account is inactive or has been disabled or deleted from an Active Directory (AD) LDAP.

A common LDAP integration issue is how to detect disabled or deleted users in an Active Directory (AD) and then deactivate them in the instance. In an Active Directory LDAP, a filter is usually set to exclude inactive users when refreshing, so the instance is not aware of users that are disabled or deleted in AD. The issue is how to detect that an existing, current user is inactive or has been deleted from AD.

Note: The recommended approach is to deactivate user records and all other types of records, not delete them. Each record is linked to other records, and deleting a record destroys all the relationships to those other records. Deactivating records keeps those relationships in place.
There are two approaches that you can use to find disabled and deleted AD accounts to synchronize your user records:

This site is scheduled for a small content update on Tuesday, December 18th, between the hours of 4:00pm and 8:00pm Pacific Time (Dec 19 00:00 – Dec 19 4:00 UTC). Access to this site may be slightly delayed during that time.