User account deletion in SunMC(SMC console) - Systems Maintenance(Archived)

I've been cleaning up my NIS user accounts on the NIS Master and was using the SMC console to delete user accounts that are no longer needed. These accounts appear to be regular user accounts created years ago. When I try to delete them I'm getting the following error: "The delete of the user account for User test1 could not be performed because that account is a mandatory system account." Any help would be greatly appreciated, thanks.

OK, I have figured out why I was getting this error: whoever created the user accounts long, long ago used the default system IDs 99 and below when assigning the user ID. When I tried to delete the accounts through SMC I kept getting the aforementioned error. I used the vi editor and edited the passwd file and changed their user IDs to some number above 99. Once this was done I opened SMC and deleted the unwanted accounts as desired.
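
As an added example (not part of the original posts), the check below lists the entries in a passwd-format file that fall in the UID range the answer describes (99 and below) without being expected system accounts, and also flags shared UIDs and malformed UID fields before anyone edits the file by hand. The `EXPECTED_SYSTEM` list, the function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data for the reserved UID range (0-99).
# On Solaris, replace awk with nawk (the legacy /usr/bin/awk lacks -v).

# Assumption: account names expected at UID 0-99 on this host; adjust per site.
EXPECTED_SYSTEM="root daemon bin sys adm lp uucp nuucp smmsp listen"

# audit_reserved_uids FILE prints one finding per line:
#   RESERVED name uid   UID <= 99 but name is not in EXPECTED_SYSTEM
#   DUPLICATE name uid  UID already used by an earlier entry
#   MALFORMED lineno    UID field is empty or non-numeric
audit_reserved_uids() {
    awk -F: -v expected="$EXPECTED_SYSTEM" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^[+-]/ || /^#/ || /^$/ { next }   # skip NIS compat entries, comments, blanks
        $3 !~ /^[0-9]+$/ { print "MALFORMED", NR; next }
        {
            uid = $3 + 0
            if (uid <= 99 && !($1 in ok)) print "RESERVED", $1, uid
            if (uid in seen) print "DUPLICATE", $1, uid
            seen[uid] = 1
        }
    ' "$1"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
test1:x:55:10:old test account:/export/home/test1:/bin/ksh
test2:x:55:10:shares a UID with test1:/export/home/test2:/bin/ksh
jdoe:x:1001:10::/export/home/jdoe:/bin/ksh
broken:x::10::/tmp:/bin/sh
+::::::
EOF
}

# Stand-alone use: audit the file given as the first argument.
if [ $# -gt 0 ]; then
    audit_reserved_uids "$1"
fi
```

Renumbering an account in the passwd file does not change the ownership of files created under the old UID, so search for files still owned by that numeric UID (for example with `find -user`) before deleting the account.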

Related

Reconciliation error

While doing reconciliation on Active Directory the following error is encountered and the reconciliation failed:
Error while recording account claims for user <SSO_ID> on resource <Resource_AD>:
com.waveset.exception.ItemNotFound: Cannot determine an unambiguous match in the Account Index for the accountId
'cn=XXXXXX,cn=Users,dc=us,dc=ae,dc=ge,dc=com' (GUID='(null)') on resource <Resource_AD>
Has anyone faced a similar situation?
Looking for a remedy on the same. 
Hi,
I faced a similar issue, but I don't know the exact problem or solution.
I just deleted that particular IM and AD account, and it started to work fine ;-)
If anyone knows the correct solution, please tell me.
Thanks
Deva 
Which version of IDM are you using?
IDM 6.0 
I just experienced the same error.
What I did was go into Resources/Examine Account Index, opened up the Active Directory resource and found 2 occurrences for the problem associate. They were listed this way:
Cn=Smith,Greg \ Confirmed
Cn=Smith,Greg \ Deleted
I am not sure how this situation happened. So I selected the "Deleted" record, and selected "Unlink account from Owner". I then had to "enable" the IDM account for this associate to get rid of the yellow triangle warning. I then reran the reconciliation and it worked.
I also got the same error. I exported all the idm account index from the configurator console and then deleted the account index for that user.
Again I ran the recon and things were back to normal. You don't need to delete resource account or IDM account. The root problem is account index is corrupted. 
The user encountering the error is most likely to have duplicate account Index.
To delete the account index, you can go to Debug page --> List Objects --> Accounts.
You can delete the account indexes for that user.
Account index will be re-populated upon the next recon.
The most likely cause is that some sort of native action is occurring in AD during reconciliation, or possibly someone tampers with the DB, or IDM and AD become out of sync, whatever...
Somehow two account indexes are created for the same user. 
I have the same problem, but it is not possible to change all accounts in the account index nor debug-list-accounts since I have thousands of account indexes with this issue.
Is there another workaround for this issue? (I think accounts fall into this situation when they change their OUs in the ActiveDirectory resource.)
Thanks
Edgar Torres 
When I see the reconciliation status, it is showing the same unambiguous match error, and when I go to Debug -> List Objects -> Account, I see a whole bunch of duplicate Account Indexes for user accounts.
So my question is: does 'Full Reconciliation' create a new account index each time it runs?
Message was edited by:
Tushar22 
Hi all,
I have run the reconciliation process on the AD resource but it failed.
I checked all the possible suggested solutions but had no luck. Finally I thought of reconfiguring the resource itself, so is that possible?
Does that reconciliation failure issue require reconfiguring the AD resource?
Please suggest me as soon as possible.

Deletion of two LDAP accounts for same user in SIM

Please help me in deleting a user's LDAP account which I created by linking the user's account at the Discovered Accounts section, after filling which the user has got two accounts: one with confirmed status and the other with found status. Can anything be done about it? Please let me know.

Can't delete user's Identity Manager account

I'm attempting to delete the IdM account for a single user via the admin gui in v7.1. When I select Delete for the user's Identity Manager resource account, I receive the error message:
"Delete not allowed since '[username]' owns one or more WorkItems that would be orphaned. Resolve or forward this users workitems to another user before attempting to delete."
However, when I log in with that user's account, he has no outstanding work items. Has anyone else run into this? Any ideas how to resolve?
Also, the reason I'm trying to delete the account is to re-create it via reconciliation so some attributes I've started storing locally since the account was first pulled in will be stored locally for this user; any tips on ways to update locally-stored attributes for existing accounts would also be welcome. 
The reason is: there is already an "orphaned" workitem with no corresponding "task". Somehow the IDM scheduler cleared the task but failed to clear the workitem. It happens very rarely - I have seen it maybe once in 3 years.
Here is the solution:
In the Debug page, list workitems. View the list - one of the workitems has the "accountId" you are trying to delete in it.
Make sure the corresponding "TaskInstance id" does not exist in the "Server Tasks" view.
Delete this workitem and you will be able to delete the user.

recon is showing accounts deleted even when they are not...IDM 5.5

I am testing reconciliation for Domino accounts. I can create the user accounts (IDM and Domino) without any errors. I go to examine account index for Domino and I see the records there with the situation of CONFIRMED.
I then click "full reconcile now" and it runs without throwing any errors. The problem is all the accounts I created that once said CONFIRMED now say DELETED. I verified the accounts are on the resource. If I then highlight an individual account and click "reconcile account" it will come back and say CONFIRMED again and everything looks good... until I try to do a recon again, then it gets set to DELETED.
Anyone have any idea why the individual recon works but the full and incremental keep saying my accounts are gone?

Login Correlation Rule

Hi Everyone,
I'm currently working with IdM 7.1.1.7 (IdM 7.1 Update 1 Patch 7) and I cannot seem to get the login correlation rule to be fired when I'm logging in. I have Lighthouse, AD, and LDAP stacked in my login module. I have AD assigned to a correlation rule and it never gets executed (I've tried trace and debugging and it never gets called). When a user logs in with a SamAccount name and an expired password I get the following error:
Your password has expired for account testuser1 on resource AD (Windows Active Directory). Please change it now.
Item User:testuser1 was not found in the repository, it may have been deleted in another session.
The IdM user has a different login than the SamAccount name in AD and the login correlation does not appear to match it to the corresponding IdM user and subsequently attempts to fetch the IdM user based on the SamAccount name, which doesn't exist in IdM. Has anyone ever seen this before? If so, is there anything special I need to do to get the login correlation rule to work? Thanks in advance for any suggestions or ideas.
I had the same problem. It turns out this is a bug and Sun is creating a hot fix.
Case# 65974363
Still in the process of testing. You may be able to get hotfix as well.
Larry
