Issue:
The user repository in the Messaging Security Gateway (MSG) appliance contains a large amount of users that have been imported from Active Directory, but are no longer part of it. Can the appliance automatically remove users from its user repository as they are removed from Active Directory?
Resolution:
You can configure the import profile to remove user profiles that are not present in the imported data:
- Log in to the MSG web user interface
- Select the System-tab at the top of the page
- Navigate to User Management->Import/Auth Profiles using the left-hand menu
- Click on the LDAP import profile you want to modify
- From the window that appears, click on Advanced in the top right corner
- Under Import Settings, set Remove User Profiles Not Imported to On
- If you have multiple import profiles, set Add to Group/Sub-org With Profile Name () to On and set Type to the preferred option, between Group and Sub-Org. This is to prevent an import profile to remove users belonging to another profile
- Click Save Changes
Next time the import profile is run, any user that isn't present in the AD will be removed from the MSG user repository. This will be either when the next LDAP import is scheduled, or when the task is run manually (by marking the import profile on the User Management->Import/Auth Profiles-page using the left-hand side checkbox and clicking Import)
Note: the setting Remove User Profiles Not Imported has a value for the maximum amount of users that it will remove at the same time. This is to prevent for example a failed import from deleting the whole user repository. If the actual number of users to be deleted exceeds this limit (default set to 50), the import process might not complete successfully and remove the users. To circumvent this, temporarily change the value for Restrict Number Of Profiles To Be Deleted To Less Than to be greater than the total amount of users in the group that the profile imports to, and run a manual import. You find the setting by following steps 1-5 from above.
Article no: 000018910