6.4 Using the GroupWise Snap-Ins to Remove a GroupWise Account

You can delete an Identity Vault User and the corresponding GroupWise account with the GroupWise snap-ins. However, the recommended procedure is to remove the user from the authoritative data source and let the driver remove the account from GroupWise. The Identity Vault user must have a valid Identity Manager association to the driver for this to work. The driver might log a warning or error if the account is deleted by using the GroupWise snap-ins, because the object might have already been removed when the driver tries to delete it.

Use the steps in this section if it is necessary to use the GroupWise snap-ins to remove the GroupWise account.

  1. Do one of the following:

    • If an Identity Manager association exists, change the state to Disabled.

      When the user has an Identity Manager association to the driver with the state set to Disabled, and an attribute is changed in the Identity Vault, Identity Manager disregards the Modify request.

    • If an Identity Manager association does not exist, manually create one, set the associated object ID to any value, then set the state to Disabled.

      When the user does not have an Identity Manager association and an attribute is changed on the Identity Vault user, the GroupWise account is re-created. When a user has an Identity Manager association to the driver with the state set to Disabled, and an attribute is changed in the Identity Vault, Identity Manager discards the modify request.

  2. Delete the GroupWise account.

  3. To re-create the GroupWise account, delete the association.

  4. Change an Identity Vault attribute for the user that the driver watches for modifications or resynchronization.