Native Change Detection - Account Deletion - Does Not Work

Hi all,

We are having a problem with Native Change Detection for account deletion on an Active Directory source. Even though we have enabled "Native Change Detection" for deleted accounts, we are not able to find those events in the search.

See an example user account which we deleted on the target source, after which we executed an account aggregation:

See the search result for the deleted accounts; all results are outdated and we don't see anything for the deleted AD account. Any idea what might be wrong? Thanks in advance!

@sahincelik
There could be multiple reasons:

1. The account delete threshold for AD might not have been set to a proper percentage.

2. There may be something wrong in the setup of the "Delete" provisioning policy for the Active Directory source, or a Delete policy might not have been set on the Active Directory source at all.

3. The service account configured for AD might not have permission to delete accounts in AD.

4. If all of the above is correct, then there may just be a delay in the search event results, and the results will appear after some hours (I have seen search results delayed after the events happened).

Hope this helps.
Feel free to provide more details if none of my comments worked.

Thank you,
Vaibhav

Thanks for the detailed explanation. Can I also validate that this works only when the account is deleted by SailPoint? Because I assumed that Native Change Detection for deleted accounts should also be triggered during aggregation (if accounts are also deleted in the target system). The reason I think so is that Native Change Detection for account deletion works for the authoritative source when accounts are deleted in the target system and removed during account aggregation.

@sahincelik, I don't think that enabling Native Change Detection for a target source will create any events in ISC when accounts are deleted directly in the target source and NOT deleted by SailPoint!

But I have not tried and tested this in any of the projects I have worked on!
I am saying this based on my theoretical knowledge of ISC!

Unlike you, I believe it should be detected by aggregation, as mentioned in the guide. Otherwise it does not make any sense, because we should already know whether the delete action was performed by SailPoint by searching the provisioning logs (events).


Just found the reason. A unique attribute should also have been selected in this section in order to audit this action.
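For readers hitting the same symptom, here is an added example (not part of the original thread, and not SailPoint code) that audits a source's Native Change Detection configuration for the three conditions discussed above: detection enabled, ACCOUNT_DELETED in the operations list, and at least one unique non-entitlement attribute selected. It assumes the config has the shape returned by the ISC v3 API (GET /v3/sources/{id}/native-change-detection-config, keys `enabled`, `operations`, `allNonEntitlementAttributes`, `selectedNonEntitlementAttributes`); the account snapshots are constructed sample data, and `detect_deleted_accounts` is an illustrative model of a delete comparison between two aggregations, not ISC's internal logic. `objectGUID` is used as the unique attribute because it is immutable per object in AD.

```python
"""Audit an ISC source's Native Change Detection settings for the
misconfigurations discussed in this thread.

Added example, not SailPoint code.  Assumes the config dict has the shape
returned by the ISC v3 API (GET /v3/sources/{id}/native-change-detection-config):
keys 'enabled', 'operations', 'allNonEntitlementAttributes' and
'selectedNonEntitlementAttributes'.  All account data below is constructed.
"""
import copy
import json

ACCOUNT_DELETED = "ACCOUNT_DELETED"


def audit_ncd_config(config: dict) -> list:
    """Return human-readable problems that would keep ACCOUNT_DELETED
    events from appearing after an aggregation.  Empty list means OK."""
    problems = []
    if not config.get("enabled"):
        problems.append("native change detection is disabled")
    if ACCOUNT_DELETED not in config.get("operations", []):
        problems.append("ACCOUNT_DELETED is not in 'operations'")
    # The thread's root cause: with no non-entitlement attribute selected
    # there is nothing on the account for ISC to audit.
    if not (config.get("allNonEntitlementAttributes")
            or config.get("selectedNonEntitlementAttributes")):
        problems.append("no unique attribute selected under "
                        "'selectedNonEntitlementAttributes'")
    return problems


def fix_ncd_config(config: dict, unique_attribute: str) -> dict:
    """Return a copy of config with all three checks satisfied, auditing
    unique_attribute (e.g. 'objectGUID' in AD).  Input is not modified."""
    fixed = copy.deepcopy(config)
    fixed["enabled"] = True
    ops = list(fixed.get("operations", []))
    if ACCOUNT_DELETED not in ops:
        ops.append(ACCOUNT_DELETED)
    fixed["operations"] = ops
    if not fixed.get("allNonEntitlementAttributes"):
        attrs = list(fixed.get("selectedNonEntitlementAttributes", []))
        if unique_attribute not in attrs:
            attrs.append(unique_attribute)
        fixed["selectedNonEntitlementAttributes"] = attrs
    return fixed


def detect_deleted_accounts(previous: list, current: list,
                            unique_attribute: str) -> list:
    """Illustrative model (not ISC's internal code) of a delete check
    between two aggregations: an account from the previous snapshot whose
    unique attribute value is missing from the current snapshot is
    reported as deleted.  Raises ValueError if a record lacks the key,
    since without a unique attribute there is nothing to correlate on."""
    for acct in previous + current:
        if unique_attribute not in acct:
            raise ValueError(f"account {acct!r} has no {unique_attribute}")
    current_keys = {acct[unique_attribute] for acct in current}
    return [acct[unique_attribute] for acct in previous
            if acct[unique_attribute] not in current_keys]


# Constructed sample matching the original poster's situation:
# ACCOUNT_DELETED is enabled but no unique attribute is selected.
BROKEN_CONFIG = {
    "enabled": True,
    "operations": ["ACCOUNT_DELETED"],
    "allEntitlements": False,
    "allNonEntitlementAttributes": False,
    "selectedEntitlements": [],
    "selectedNonEntitlementAttributes": [],
}

# Constructed AD snapshots before and after one user was deleted in AD.
PREVIOUS_AGGREGATION = [
    {"sAMAccountName": "jdoe", "objectGUID": "guid-0001"},
    {"sAMAccountName": "asmith", "objectGUID": "guid-0002"},
]
CURRENT_AGGREGATION = [
    {"sAMAccountName": "asmith", "objectGUID": "guid-0002"},
]

if __name__ == "__main__":
    print("problems:", audit_ncd_config(BROKEN_CONFIG))
    fixed = fix_ncd_config(BROKEN_CONFIG, "objectGUID")
    print("config to PUT back:", json.dumps(fixed, indent=2))
    print("deleted:", detect_deleted_accounts(PREVIOUS_AGGREGATION,
                                              CURRENT_AGGREGATION,
                                              "objectGUID"))
```

Run it against the JSON you get back from the native-change-detection-config endpoint; an empty `problems` list means the configuration side is fine and any remaining gap is the search indexing delay mentioned earlier in the thread.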

Thank you for correcting me!
