This article applies to:
- Product edition: inSync Cloud and On-Premise
The Auto delete preserved users setting in the inSync profile ensures preserved users are deleted from inSync after a specified time interval. However, in some scenarios in spite of users being disabled or deleted from the Active Directory and marked as preserved, they are not deleted long after the auto-delete interval has passed.
Before auto-deleting the preserved user, inSync needs to validate the state of the preserved user from the Active Directory. If the validation of the user state from the Active Directory fails, inSync does not auto-delete the preserved users.
The validation fails in the following scenarios.
- inSync Connector is disconnected or inSync is unable to communicate with the AD\LDAP server.
- An AD/LDAP server account is registered without any AD mapping associated with it. The in-built safety mechanism of inSync prevents the deletion of preserved users when an AD account without any AD mapping associated with it.
There is no AD/LDAP mapping associated with AD/LDAP account id=2685 and therefore can not check existence of users on AD/LDAP server.
- Ensure all inSync Connectors are connected and the AD server is reachable.
- Delete unnecessary AD accounts and associate an AD mapping with the AD server.