• State Verified Answer
  • Replies 1 reply
  • Subscribers 28 subscribers
  • Views 321 views
  • Users 0 members are here
Options
Related

Automatic Removal of Discovered Accounts

walied shoaip
7 months ago

I have created an account discovery rule that discovered some accounts on Active Directory based on the group they're member of.

I want to ask about the case if I deleted theses discovered accounts from Active Directory, will they be deleted from Safeguard accounts? I've looked at the documentation though I didn't find anything mentioning this issue.

Also, if they're not automatically removed from Safeguard, must they be deleted manually from it?

Parents
  • +1 7 months ago

    Hi,

    If you delete the discovered accounts from Active Directory then after Directory Sync runs a full sync (which runs every 24 hours by default) then this will also delete the AD accounts from Safeguard.

    To force a fullSync (aka delete sync) on demand (rather than waiting the 24 hours) you can trigger this using the Swagger Core API:

    Connect to Primary SPP using the URL: https://{SPP_IPorHostName}/service/core/swagger/

    Authorize > Click Authorize Button > Authenticate to SPP using Admin equivalent credentials 

    You will need to get the AD Asset ID first from GET/v4/Assets

    Then use the AD Asset ID in this endpoint 

    Expand POST/v4/Assets/{id}/Synchronize

    Click Try it Out

    Type the id

    Change fullSync drop down is set to True

    Click Execute

    Thanks!

Reply
  • +1 7 months ago

    Hi,

    If you delete the discovered accounts from Active Directory then after Directory Sync runs a full sync (which runs every 24 hours by default) then this will also delete the AD accounts from Safeguard.

    To force a fullSync (aka delete sync) on demand (rather than waiting the 24 hours) you can trigger this using the Swagger Core API:

    Connect to Primary SPP using the URL: https://{SPP_IPorHostName}/service/core/swagger/

    Authorize > Click Authorize Button > Authenticate to SPP using Admin equivalent credentials 

    You will need to get the AD Asset ID first from GET/v4/Assets

    Then use the AD Asset ID in this endpoint 

    Expand POST/v4/Assets/{id}/Synchronize

    Click Try it Out

    Type the id

    Change fullSync drop down is set to True

    Click Execute

    Thanks!

Children
No Data