Skip to main content

 

Druva Documentation

Disabling inSync users marked for deletion under Active Directory

Overview

This article contains instructions on disabling inSync users that have been disabled in the active directory. inSync administrators might find this article useful. 

Resolution

An Active Directory (AD) authenticates users and computers across a Windows domain network. Upon the departure of employees from your organization, you might delete or disable their user accounts depending on your organization’s policy.

The inSync Server periodically matches users imported from AD with the list of users in your organization’s AD. If the inSync Server discovers that some users in the AD are deleted, it disables the inSync accounts of those users.

However, if your organization’s policy mandates user accounts in your AD to be disabled in addition to getting deleted, you must set the inSync Server to respond to disabled users instead of deleted users. To do this, you modify theinSyncServer.cfg (Windows) or inSyncServer.conf (Linux) file.

To disable inSync users:

1. Stop the inSync Server.

2. On inSync Server, locate the inSyncServer file.

For Enterprise and Professional Editions:

  • (Windows): C:\inSyncServer4\inSyncServer.cfg
  • (Linux): /etc/inSyncServer4/inSyncServer.conf

For Private Cloud:

  • (Windows): C:\inSyncCloud\inSyncServer.cfg
  • (Linux): /etc/inSyncCloud/inSyncServer.conf

3. Open inSyncServer in a word editor.

4. Set the MANAGE_AD_DISABLED_USERS to TRUE.

5. Save your changes.

6. Start the inSync Server.

Note: inSync Server now performs these actions:

  • If AD users are deleted, inSync Server disables the corresponding user accounts
  • If AD users are disabled, inSync Server disables the corresponding user accounts
  • Was this article helpful?