Hi dear OS Team,
we have configured active directory synchronization via ad groups with help of the provided xml-template.
The synchronization works fine - groups as well as accounts and their properties are synchronized correctly.
We also configured the 'dangling' and 'deactivated' objects like so:
<danglingobjectsparent name="benutzer_inaktiv" />
<deactivatedobjectsparent name="benutzer_inaktiv" />
Our expectation was, that if AD account is deleted, it'll simply be moved into the 'benutzer_inaktiv' group in yuuvis.
However, if a person's account in AD is deleted, we observe inkonsistent behavior.
Sometimes accounts stay 'active' and 'present', in the system and are moved to the group 'benutzer_inaktiv' (which is kind of what we want)
Sometimes they are marked as 'not active' but 'present' in the system and are moved to the group 'benutzer_inkativ' and the management console displays the message 'No user account available.' This causes some issues with object dependencies in the system.
Could you tell us, what is the designed behavior for deletion of the AD Account?
Can we somehow solve the issue with 'no user account available'?
Thank you!
Umar