Provisioning and Deleting Users
Posted by Jay Sudowski (Import) on 04 October 2006 05:23 AM
Deleting the User
- Editing a de-provisioned user - Select the
icon to do this.
- Provisioning a de-provisioned User - You do this by selecting the
When you do this you will see the same screens as when you edit an existing
user where most of the user’s details are already entered. However
there are some important differences:
a. If you save any changes to a de-provisioned user then the user will be
b. As the user has been deleted, you will need to enter a password for the
user as you finish the Account Status tab.
If you select Save, then the user will be provisioned and the changes that
you made will be saved as well.
The user will not have any services allocated to them and you will need
to do this next.
Usually the delete icon will be greyed out like .
To remove a user from your company the first step is to de-provision the user
and then you can delete the user. Once you have De-Provisioned the user, you
delete the user by selecting the
icon and this will remove the user altogether.
icon will cause the Administration Web page to query the user’s provisioning
status and redisplay it. Note that the page will not refresh the status automatically
unless something else changes.
The Reset Status icon will always be greyed out like .
This link is only available for the Service Provider to reset things in unusual
Disabling a user versus De-Provisioning a user.
De-Provisioning a user seems like it is very similar to disabling
a user. However there are two important differences:
- Disabling the user disables the user’s Active Directory
account whereas De-Provisioning a user deletes the user’s
Active Directory account.
- Disabling the user does not remove any services from the user whereas
De-Provisioning removes all services from the user.
Because of these differences de-provisioning a user and then provisioning
the user (even then re-provisioning all the services that the user had)
is not the same as disabling the user and then enabling the user.
This is because there are some services that are very closely tied to Active
Directory. If you Disable a user and then Enable the same user then those
services closely associated with Active Directory will continue to work
for the user as if nothing had changed.
In contrast when you De-Provision a user then the user’s Active Directory
Account is deleted.
When you re-Provision the user a new account will be made in Active Directory
for the user with the same name and details. However it will not be the
same user account and many of those services that have a close tie to Active
directory will not recognise that it is the same user.
Where the user has been De-Provisioned and then at some time later Provisioned
again then the user can have all the same services associated with them
but they will not have a continuous service and the user’s history
will be lost.
Examples of services with a close tie to Active Directory are; Exchange,
Windows SharePoint Services, SharePoint Portal Server, and Live Communications