Today I stumbled upon a small problem with our RSA Authentication Manager environment. Two identity sources had accidentally been added, both pointing to the same LDAP (AD) server. When I tried to delete one of these identity sources, I got an error saying that it was still linked or that it still had users or groups connected to it.
I really wanted only one identity source, otherwise it could become a big mess in the future. So after some struggling around, it was, as usual, quite easy in the end. To delete the connected users of the unlinked identity source, you log in to the Security Console and go to Setup -> Component Configuration -> General. Here you find the magic checkbox labelled “Force system to delete all users and user groups from internal database that no longer exist in the external identity source”; make sure this one is checked. Below it you can schedule the time it has to run; I set it one minute ahead. After a few minutes, about 5 or 10, I was able to go to the Operations Console and delete the identity source.
Unfortunately I couldn’t figure out which users were deleted by this action.
Since not many users had been added since this mistake was made, it was easy for me to find the request for authorization, so I added them manually later.