I want to clarify if my understanding of IDN delta aggregation and manual correlation behavior is correct.
I have a use case involving an AD account, namely “john123”. This account was uncorrelated in the first place for some reason, hence I have correlated this AD account “john123” to the correct owner, which is the identity “John”.
Here’s the situation I need to clarify.
The AD account “john123” has been deleted (as in deleted from the directory). However, in the subsequent delta aggregation, it still picks up this “john123” as it was.
It is supposed to disappear from the identity “John”. But it is still correlated to John and appears under the “Account” tab in that AD source page.
I want to clarify whether this situation is because I manually correlated this account, and hence it will never disappear from the identity?
Or is it the delta aggregation? But I cross-checked that delta does detect deletion.
Not sure if anyone has faced a similar issue or can enlighten me on this.
You have to first remove the manual correlation and then run the un-optimized aggregation; it will correlate with the correct identity. You can check the following links.
Are you sure your AD Service Account has the proper permissions to discover the deleted objects during the Delta Aggregation? Otherwise ISC will not pick up that the deletion has occurred:
We are able to detect deleted accounts via delta aggregation for those accounts automatically correlated via rule and criteria. But my case is on a manually correlated account.