Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 5899 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatically delete user accounts no longer in AD possible?

apijnappels
New AD-users are automatically created in UTM upon login (or while prefetching users from AD), but former employees are not removed automatically. 

Is it possible to automatically delete user accounts in UTM (synced account from AD) when the user is deleted from AD?


This thread was automatically locked due to age.
Parents
  • 0
    There's no automated way to do this, but the user should be disabled in the UTM when disabled in AD.

    You can easily delete all users and add back those you want if you haven't deployed Remote Access VPN that uses certificates.  Make sure you get a good config backup before you use the script posted by Scott Klassen.

    In terms of syncing, have you read #6 in Rulz?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    There's no automated way to do this, but the user should be disabled in the UTM when disabled in AD.

    You can easily delete all users and add back those you want if you haven't deployed Remote Access VPN that uses certificates.  Make sure you get a good config backup before you use the script posted by Scott Klassen.

    In terms of syncing, have you read #6 in Rulz?

    Cheers - Bob


    We usually delete users that are no longer employees (in stead of disabling them). It's not that many, so for now it's not a too big deal to also delete them from UTM. I will have to create a test user to see if this user is also blocked access should it be "forgotten" to disable/delete from UTM but only from AD.

    Yes, I have read #6 in Rulz. We don't automatically sync accounts, but every now and then we sync manually so we are able to download VPN-packages for end-users.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply
  • 0 in reply to BAlfson
    There's no automated way to do this, but the user should be disabled in the UTM when disabled in AD.

    You can easily delete all users and add back those you want if you haven't deployed Remote Access VPN that uses certificates.  Make sure you get a good config backup before you use the script posted by Scott Klassen.

    In terms of syncing, have you read #6 in Rulz?

    Cheers - Bob


    We usually delete users that are no longer employees (in stead of disabling them). It's not that many, so for now it's not a too big deal to also delete them from UTM. I will have to create a test user to see if this user is also blocked access should it be "forgotten" to disable/delete from UTM but only from AD.

    Yes, I have read #6 in Rulz. We don't automatically sync accounts, but every now and then we sync manually so we are able to download VPN-packages for end-users.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Children
No Data
Unfiltered HTML