IBM Support

"Unable to delete the user" message when trying to delete user inside AD Manager

Troubleshooting


Problem

Customer has a Controller-on-Cloud system. They would like to delete one of their existing users.
  • Specifically, they want to delete the Citrix/Windows user that is used to logon to Citrix Netscaler website.
Therefore the superuser logs onto the AD Manage website, and deletes the relevant user.
  • TIP: For more details see separate IBM Technote #551997.
Afterwards, inside AD Manager, the superuser is surprised to still see that same user (the one that was deleted) appearing in the list of users. Therefore they try to delete the user again.
  • This time an error appears.

Symptom

The following message appears when trying to delete a user:
image-20191114080136-1
Unable to delete the User.

Cause

Limitation of the Controller-on-Cloud system.
  
More Information:
When a user account is deleted, it is instantly removed from the IBM Cloud active directory. Therefore, that user cannot logon to the system (for example the Citrix Netscaler website). Unfortunately, the AD Manager tool will not be able to recognise the change until either:
(a) The relevant system(s) are rebooted
(b) A manual update/refresh task is performed by the IBM Cloud team.
 
For the avoidance of doubt, that user has successfully been deleted from the Active Directory (cannot be used).
  • However, AD Manager is inaccurately showing that the user still exists.
  • In other words, there is no security problem (because that user is deleted). Instead, the issue is that the AD Manage website is confusing (because it incorrectly shows the user still exists).

Environment

Controller on Cloud.

Resolving The Problem

Fix:
Await a future version of the IBM Cloud active directory to be implemented, which will allow the AD Manager tool to instantly see any user deletions that are made.
Workaround:
Either:
(a) Wait for a system reboot to occur (for example at a 'Maintenance Weekend')
(b) Raise a support ticket with IBM Support, and ask for an AD Manager manual refresh to be performed.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMRTZ","label":"IBM Cognos Controller on Cloud"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
12 October 2021

UID

ibm11106895

Page Feedback