Problem
Enablement of Home Directory deletion prior to MS AD account deletion of the user through SailPoint ISC as its not happening just by inserting the required attributes of “homeDrive” and “homeDirectory” into Delete Account Profile of AD.
Diagnosis
The troubleshooting steps are as follows.
-
We Integrated the ISC with MS AD through OOTB connector.
-
In the OOTB connector, we had 2 attributes namely “homeDrive” and “homeDirectory” which is supported.
-
Hence, we added the above attributes in delete account profile
-
The mentioned 2 attribute values were getting aggregated into ISC and getting provisioned and populated/removed inside the AD profile of user.
-
But the physical drive deletion does not happen.
-
This needs to be done separately using powershell scripts.
Solution
-
We create the AD Before Delete Connector Rule in ISC.
-
Through this Before Delete AD connector rule, we are calling another PowerShell script to maintain the recommendations of SailPoint of “Asynchronous approach” in connector rule.
-
The details of the AD Before Delete Connector rule are as follows.
Before Delete AD Connector Rule.txt (2.3 KB)
- The actual powershell script which creates the home directory is as follows.
DeleteHomeDir.txt (6.6 KB)
With above PowerShell scripts sample, you can successfully perform the deletion of Home Directory from the exact physical location.