In my State agency, which deals with the same regulations and litigations that any state agency does, it is not possible to actually delete user IDs for a number of years. However, because of changes in Novell licensing for sites that use IDM, user licensing is now predicated on whether the ID has an Enabled IDM association, rather than whether It is an active account.

Therefore, it is fiscally advantageous to disable the eDir/Groupwise/IM associations of
old expired and/or eDir disabled accounts.

But these users often do return and need their account to work again.

Sometimes, after a previously disabled user object is moved from a Disabled container into the live container, after the IDM associations are enabled and processed, and the account is enabled, checking the GW object results in an error message as below.

Here is the process to fix this.

  1. In iManager, Disable the GW association.
         Modify Object
         Identity Manager Tab
         Checkbox the GW Association
         Actions Tab
         Edit selected association
         Check “Disable association…” box.
         Click OK
         Click Apply
         Click OK

  2. In ConsoleOne, GW System, connect to this user’s domain.
  3. Disassociate the user from the invalid non-existent object.
         Right click user
         “GroupWise Utilities”
         “GW / eDirectory Association”
         “Disassociate GroupWise Attributes…”
         Say Yes to “Are you sure” and OK the DirXML advisory “Warning”.
  4. Check user object has become a “White Shirt”. Might want to wait a minute to ensure synchronization throughout.
  5. Still in C1, follow most of the same steps to Associate.
         Right click user
         “GroupWise Utilities”
         “GW / eDirectory Association”
         “Associate Objects…”
         OK the DirXML advisory.
         Browse to eDir User Object
         Click OK.
         Wait a few for it to process and become a “Red Shirt”.
  6. In iManager Delete the GW Association.
    Modify Object
         Identity Manager Tab
         Checkbox the GW Association
         Click “Delete…”
         Click “OK” to warning.
         Click Apply.
         Click OK.
  7. Migrate the User Object to put changes in force.
         In iManager, “Identity Manager Overview”.
         “Search Entire directory”
         Under “Running on servers…” click on server currently hosting the IDM drivers.
            All drivers should show Green, not Red or yellow.
         Click GroupWise driver.
         Select “Migrate…”/ “Migrate from Identity Vault”.
         Click on History button and select User Object.
         User appears in box.
         Click “OK”.

    You should see “The migration was successfully started!”
    Give it time to process; every situation is different, from a couple seconds to minutes.
    Check User ID GroupWise account in ConsoleOne.
         “Post Office:” choice box.
         “Visibility:” dialog box.
         “External Sync Overide:” (“Sychronize according to…:”) dialog box.
         “Expiration Date:” checkbox.
         “Disable Logins” checkbox.
    Re-connect to your normal GroupWise domain.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: cnejack
Jun 4, 2008
11:38 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow