Kofax

Users moved to a different OU in Active Directory remain active in the Equitrac database after AD Sync

Problem description:

With Equitrac EE/EO, user IDs created by Active Directory Synchronization (ADS) remain active in the Equitrac database even after the user account within Active Directory was moved to a different OU that is not configured within ADS.

For example:

  1. Equitrac AD Sync is configured to sync against OUs UNO and DOS
  2. User cheredia was successfully imported
  3. Later on user cheredia is moved from OU DOS to OU TRES
  4. After the next AD Sync occurred, user cheredia remains active within the Equitrac database

Resolution:

This is the expected behavior. The respective user ID within Equitrac is deleted only if the user account is deleted within Active Directory (*).

If the user account that was moved to a different OU is no longer required within Equitrac, it can be manually deleted or "locked down" through Equitrac System Manager. This change affects neither the user account within Active Directory nor any historic transaction within the Equitrac reports.

(*) This applies if "Deletes" is configured within ADS and the service account starting the Equitrac Scheduler service has enough rights to see the "deleted object container" within Active Directory. Please refer to the EQModifyDeletedContainerSecurity command within the Equitrac Administration Guide.

Note: The same is applicable to XSA (Xerox Secure Access Unified systems).
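
Because moved accounts stay active until someone removes or locks them, a periodic comparison helps find them. The script below is an added example, not Kofax code: it flags Equitrac user IDs whose AD account now sits outside the synced OUs or is missing from AD. The two input exports, the DC=example,DC=com domain, the sample DNs and the sub-OU behaviour are assumptions.

```python
# Added example: constructed data, placeholder domain DC=example,DC=com.
# Assumption: a synced OU also covers its sub-OUs.
SYNCED_OUS = ["OU=UNO,DC=example,DC=com", "OU=DOS,DC=example,DC=com"]
# Assumed AD export: sAMAccountName -> distinguishedName
AD_ACCOUNTS = {
    "cheredia": r"CN=Heredia\, C,OU=TRES,DC=example,DC=com",
    "jdoe": "CN=J Doe,OU=Sales,OU=UNO,DC=example,DC=com",
    "asmith": "cn=A Smith,ou=dos,dc=example,dc=com",
}
# Assumed export of active Equitrac user IDs
EQUITRAC_USERS = ["cheredia", "jdoe", "asmith", "oldtemp"]

def split_dn(dn):
    """Split a DN into lower-cased RDNs; an escaped comma is not a separator."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
            escaped = (ch == "\\") and not escaped
    rdns.append(current)
    return [r.strip().lower() for r in rdns]

def in_scope(dn, synced_ous):
    """True if the object sits below one of the synced OUs."""
    user = split_dn(dn)
    bases = [split_dn(ou) for ou in synced_ous]
    return any(len(user) > len(b) and user[-len(b):] == b for b in bases)

def review(equitrac_users, ad_accounts, synced_ous):
    """Return {user_id: reason} for Equitrac IDs to check in System Manager."""
    findings = {}
    for uid in equitrac_users:
        dn = ad_accounts.get(uid.lower())
        if dn is None:
            findings[uid] = "not found in AD export"
        elif not in_scope(dn, synced_ous):
            findings[uid] = "outside synced OUs: " + dn
    return findings

if __name__ == "__main__":
    for uid, reason in review(EQUITRAC_USERS, AD_ACCOUNTS, SYNCED_OUS).items():
        print(uid, "->", reason)
```

IDs reported as "not found in AD export" are the case covered by the (*) note: they are removed automatically only when "Deletes" is configured and the service account can read the deleted objects container.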