Deleting existing HelpMaster clients

Deleting clients

Deleting users from Active Directory

There are a number of ways a user in Active Directory may be deleted. The most permanent and complete way is to delete the user outright. When an Active Directory user is deleted in this manner, the user record is removed from the list of Active Directory objects and then classed as a “Tombstone” object for a period of time. This time period allows other domain controllers in your network to synchronize their Active Directory database. Once this time period has elapsed, the object is permanently deleted from the Active Directory database.

Another option that is common in Active Directory administration is simply to move the user to a “Deleted users” OU, or similar container. This method doesn’t actually delete a user from Active Directory - it only moves the user to a location that is understood to hold deleted or inactive users. The user account is usually marked as disabled in Active Directory. Moving a user account to a holding “Delete” folder allows the user to still exist, albeit in an inactive state, so that the account may be re-activated at a later time.

How Active Directory and HelpMaster delete objects

HelpMaster allows for each of the methods mentioned to be utilized as a way to delete clients in HelpMaster.

Checking for outright deleted, “Tombstone” objects

This method looks for deleted users by querying the Active Directory “Tombstone” objects. If such objects exist with a corresponding HelpMaster client, these HelpMaster clients will be deleted. Please note that in order to query Active Directory Tombstone objects, it is necessary to use a highly privileged Windows account such as the Domain Administrator for running the HelpMaster Active Directory service.

This is a built-in Windows-based permission requirement when querying Active Directory Tombstone objects.

Whenever a HelpMaster Active Directory profile has the “Delete clients” checkbox checked, you will need to specify which domain(s) you wish to scan for deleted objects. Note that it is not necessary to specify individual Active Directory OU paths as per a create or update action. The delete action only needs to know which domain to scan for “Tombstone” objects.

Checking for users that have been moved to a “Deleted” style folder, or OU

This method scans the OUs that you have specified and if any users in that OU correspond to a HelpMaster client, these HelpMaster clients will be deleted.
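
Before enabling either delete method, the Active Directory side of both scans can be previewed read-only. The following is an added example, not HelpMaster's own code: it uses the standard ActiveDirectory PowerShell module, and the domain name and OU path are placeholder assumptions. It lists AD accounts only; matching them to HelpMaster clients is done by HelpMaster itself.

```powershell
# Added example: read-only preview of the AD accounts each delete method would see.
# Requires the ActiveDirectory module (RSAT). Makes no changes to AD or HelpMaster.
Import-Module ActiveDirectory

# Assumptions (placeholders, replace with your own values):
$Domain    = 'corp.example.com'                            # domain scanned for tombstones
$DeletedOU = 'OU=Deleted users,DC=corp,DC=example,DC=com'  # holding OU for inactive users

function Get-TombstonedUser {
    param([Parameter(Mandatory)][string]$Server)
    # Deleted objects are returned only when -IncludeDeletedObjects is given, and only
    # to an account that is permitted to read the domain's Deleted Objects container.
    Get-ADObject -Server $Server -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "user" -and objectClass -ne "computer"' `
        -Properties sAMAccountName, whenChanged, lastKnownParent |
        Select-Object @{n='Method';   e={'Tombstone'}},
                      sAMAccountName,
                      @{n='Enabled';  e={$null}},
                      whenChanged,
                      @{n='Location'; e={$_.lastKnownParent}}
}

function Get-HoldingOUUser {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$SearchBase
    )
    # Every user object under the holding OU, whether or not it has been disabled.
    Get-ADUser -Server $Server -SearchBase $SearchBase -SearchScope Subtree -Filter * `
        -Properties whenChanged |
        Select-Object @{n='Method';   e={'OU'}},
                      sAMAccountName,
                      Enabled,
                      whenChanged,
                      @{n='Location'; e={$SearchBase}}
}

$candidates = @(Get-TombstonedUser -Server $Domain) +
              @(Get-HoldingOUUser -Server $Domain -SearchBase $DeletedOU)

$candidates | Sort-Object Method, sAMAccountName | Format-Table -AutoSize

# Accounts still enabled inside the holding OU are worth reviewing before deletion is
# switched on: the OU scan acts on OU membership, not on the disabled flag.
$stillEnabled = $candidates | Where-Object { $_.Method -eq 'OU' -and $_.Enabled }
if ($stillEnabled) {
    Write-Warning ("Enabled accounts in holding OU: " + ($stillEnabled.sAMAccountName -join ', '))
}
```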

Delete options for HelpMaster clients

In addition to specifying the domain to scan, the following options apply:

  1. Only delete HelpMaster clients that were created by a HelpMaster Active Directory profile. Use this option if you only want to delete HelpMaster clients that were originally created by the HelpMaster Active Directory service. This may be useful if you had pre-existing HelpMaster clients before you started using the Active Directory service that have since been associated with their corresponding Active Directory user and you do not want them to be deleted if their corresponding Active Directory account is deleted.

  2. Always delete HelpMaster clients. Use this option to always delete the HelpMaster client if their corresponding Active Directory user account is deleted, regardless of how, when or where the accounts were linked or created.

What happens when a HelpMaster client is deleted?

For information about this subject, please refer to What happens when a HelpMaster entity is deleted?

See Also

Active Directory profiles

Active Directory service

Deleting entities