There are a number of ways a user in Active Directory may be deleted. The most permanent and complete way is to actually delete the user out-right. When an Active Directory user is deleted in this manner, the user record is removed from the list of Active Directory objects and then classed as a "Tombstone" object for a period of time. This time period allows other domain controllers in your network to synchronize their Active Directory database. Once this time period has elapsed, the object is permanently deleted from the Active Directory database.
Another option that is common in Active Directory administration is to simply to move the user to a "Deleted users" OU, or similar container. This method doesn't actually delete a user from Active Directory - it only moves the user to a location that is understood to hold deleted, or inactive users. The user account is usually marked as disabled in Active Directory. Moving a user account to a holding "Delete" folder allows a user to still exist - albeit in an inactive state, so that they may be re-activated at a later time.
HelpMaster allows for each of the methods mentioned to be utilized as a way to delete clients in HelpMaster.
This methods looks for deleted users by querying the Active Directory "Tombstone" objects. If such objects exist with a corresponding HelpMaster client, these HelpMaster clients will be deleted. Please note that in order to query Active Directory Tombstone objects, it is necessary to use a highly privileged Windows account such as the Domain Administrator for running the HelpMaster Active Directory service. This is a built-in Windows-based permission requirement when querying Active Directory Tombstone objects.
Whenever a HelpMaster Active Directory profile has the "Delete clients" checkbox checked, you will need to specify which domain(s) you wish to scan for deleted objects. Note that it is not necessary to specify individual Active Directory OU paths as per a create or update action. The delete action only needs to know which domain to scan for "Tombstone" objects.
This method scans the OUs that you have specified and if any users in that OU correspond to a HelpMaster client, these HelpMaster clients will be deleted.
In addition to specifying the domain to scan the following options apply
Active Directory profiles
Active Directory service