Active Roles edsvadeprovisiondeletiondate

We have a policy that will delete deprovisioned users 31 days after. Can I change the edsvaDeprovisionDeletionDate by setting it to tomorrow, and force an earlier deletion that way? I am just doing a test right now, as we want to be sure that the internal built-in deletion policy is going to remove the account based on that attribute. Did some research, looks like the policy will execute @ 3am.

  • Hi,

    That's correct indeed - and you can even speed up the deletion process further by manually running the "Deletion of Deprovisioned Objects" scheduled task after amending the date. It basically looks for any accounts/groups with a DeprovisionDeleteDate in the past and deletes them accordingly.

    Ook

  • Michiel,

    Hm... It did not remove the account yesterday. Is there anything special I need to be aware of... any specific delegate rights? Any error code I can check?

  • Hi,

    There shouldn't be more to it than just a "DeprovisionDeleteDate" in the past - did you use the correct date format? The ARS service account indeed needs to have permissions to delete the object.

    There should be events created (in the 'EDM Server' log) for each attempt to delete an account; for successful deletions, there are 3 (and for errors, just 2):

    Successful:
    Event 2691: Operation request has been submitted to ActiveRoles Administration Service
    Event 1513: Object is deleted
    Event 2692: Operation has been successfully performed

    Failed:
    Event 2691: Operation request has been submitted to ActiveRoles Administration Service
    Event 2693: ERROR: Operation failed

    Hope this helps!
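
An added example, not part of the original reply or of Active Roles itself: a PowerShell function that pairs the events listed above into deletion attempts and reports each outcome. It assumes the events of one attempt are written back to back and that the records carry the `Id`, `RecordId`, `TimeCreated` and `Message` properties that `Get-WinEvent` returns; the function name and the sample records are constructed for illustration.

```powershell
# Group 2691/1513/2692/2693 events into one record per deletion attempt.
# Assumption: an attempt starts with 2691 and its follow-up events are not
# interleaved with those of another attempt.
function Get-DeletionAttempt {
    param([Parameter(Mandatory)] [object[]] $Events)

    $attempt = $null
    foreach ($e in ($Events | Sort-Object RecordId)) {
        switch ($e.Id) {
            2691 {
                # New request; emit a previous one that never logged an outcome.
                if ($attempt) { $attempt }
                $attempt = [pscustomobject]@{
                    Submitted     = $e.TimeCreated
                    ObjectDeleted = $false
                    Outcome       = 'NoOutcomeLogged'
                    Detail        = $e.Message
                }
            }
            1513 { if ($attempt) { $attempt.ObjectDeleted = $true } }
            2692 { if ($attempt) { $attempt.Outcome = 'Success'; $attempt; $attempt = $null } }
            2693 {
                if ($attempt) {
                    $attempt.Outcome = 'Failed'
                    $attempt.Detail  = $e.Message   # keep the error text for triage
                    $attempt; $attempt = $null
                }
            }
        }
    }
    if ($attempt) { $attempt }
}

# Constructed sample records (not real log output) so the function runs offline.
$t = Get-Date '2024-01-01T03:00:00'
$sample = @(
    [pscustomobject]@{ RecordId = 1; Id = 2691; TimeCreated = $t;               Message = 'constructed: request A' }
    [pscustomobject]@{ RecordId = 2; Id = 1513; TimeCreated = $t.AddSeconds(1); Message = 'constructed: object deleted' }
    [pscustomobject]@{ RecordId = 3; Id = 2692; TimeCreated = $t.AddSeconds(2); Message = 'constructed: success' }
    [pscustomobject]@{ RecordId = 4; Id = 2691; TimeCreated = $t.AddSeconds(3); Message = 'constructed: request B' }
    [pscustomobject]@{ RecordId = 5; Id = 2693; TimeCreated = $t.AddSeconds(4); Message = 'constructed: operation failed' }
)
Get-DeletionAttempt -Events $sample | Format-Table Submitted, ObjectDeleted, Outcome, Detail

# Against the real log on the Administration Service host:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'EDM Server'
#     Id = 2691, 1513, 2692, 2693; StartTime = (Get-Date).AddDays(-2) }
# Get-DeletionAttempt -Events $live | Where-Object Outcome -ne 'Success'
```

If the live query returns no 2691 events at all after the expected run time, the scheduled task did not submit a deletion request for any object.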

  • Thanks Michiel, got the answer from support, it is related to the scheduled task: Deletion of Deprovisioned Objects

    Thanks again.  It is working now.  :)

    Vincent