In doing some testing, we set some accounts to an active lifecycle state manually. When I do a search on these accounts later in search, the lifecycle state shows as active without the (manual) status next to it. When I go to identity and search for those users, it does show it as a active (manual).
How do you make sure that you can do reporting for any that are set manually? I would also want to be able to know who set the LCS manually. I don’t find anything unique with the event to see anything that would indicate it was a manual process.
Risk is that someone could be set active manually by an administrator and that LCS could be stuck there with the potential to have an active account that shouldn’t be there. This could cause a back door approach for a disgruntled employee.