Inactive LDAP user accounts Detect that an existing, current, user account is inactive or has been disabled or deleted from an Active Directory (AD) LDAP. A common LDAP integration issue is how to detect disabled or deleted users in an Active Directory (AD) and then deactivate them in the instance. In an Active Directory LDAP, a filter is usually set to exclude inactive users when refreshing, so the instance is not aware of users that are disabled or deleted in AD. The issue is how to detect that an existing, current user is inactive or has been deleted from AD. Note: The recommended approach is to deactivate user records and all other types of records, not delete them. Each record is linked to other records, and deleting a record destroys all the relationships to those other records. Deactivating records keeps those relationships in place. There are two approaches that you can use to find disabled and deleted AD accounts to synchronize your user records: Find inactive LDAP accounts using the lastRefresh time Find inactive LDAP accounts using the userAccountControl field Find inactive LDAP accounts using the lastRefresh timeLocate accounts with inactive or missing LDAP connections.Find inactive LDAP accounts using the userAccountControl field Identify when an Active Directory (AD) user is deleted (or made inactive).