Marcus Deleting is a tricky thing. Since we can’t listen to AD delete events, the only way to implement is during synchronous, if the user is not retrieved, then *assume* the user is deleted.
If we go by this assumption, then if there are any manual configuration error, e.g. Admin mis-configures the filter condition and it didn’t sync all the users, then if we auto delete the users, any policies the user is associated will be lost. To play it safe, we decided not to auto-delete the users. But I think, there is an API to delete the user. So you will have write your own script... So depending upon your requirements, there might a work around available. Also, if you any requirement suggestions, we can discuss it. Thanks Bosco On 1/7/16, 3:21 AM, "Margus Roo" <[email protected]> wrote: >Tnx for the answer. >Is there any reason why is that? Am I the first who need to delete using >sync? >And is there best practice to achieve it? > >Margus (margusja) Roo >http://margus.roo.ee >skype: margusja >+372 51 48 780 > >On 07/01/16 13:02, Arvind S wrote: >> Ranger does not delete the user. You will have to manually delete from >> ranger. >
