CA Identity Manager: Deleting accounts from IM that have been removed from their endpoint

Document ID : KB000093551
Last Modified Date : 03/05/2018
Introduction:
If an endpoint administrator deletes user accounts directly on an endpoint, the deletion is not automatically reflected in Identity Manager. This leaves Identity Manager pointing to user accounts that no longer exist. This document discusses the easiest way to remove those accounts.
Background:
Identity Manager gains its understanding of an endpoint through explore and correlate (E&C) operations. Without performing an explore, Identity Manager has no knowledge of the current status of an endpoint system. Therefore, when E&Cs are not performed on a regular basis, the information Identity Manager has about an endpoint can be drastically different from the reality of that endpoint. Items such as groups, OUs, user accounts, etc. will become out of sync.
Instructions:
To remove the deleted accounts from Identity Manager, perform a full tree explore of the endpoint. A full tree explore is an explore that is performed on every OU of the endpoint. This explore can be performed with or without a correlate; either way, the end result is the same: the accounts are removed.