Handling Deleted Users in Active Directory

This will synchronize Laserfiche Directory Server with Active Directory to handle deleted users. All changes will be applied in Laserfiche Directory Server not in Active Directory.

Enable Active Directory Synchronization

This will enable Active Directory Synchronization in Laserfiche Directory Server.

  1. Click the Settings tab.
  2. Now, click the General tab.
  3. Scroll down to Enable Active Directory Synchronization.
  4. Toggle Yes.

Note: This setting must be toggled Yes for further synchronization options to be visible.

 

Handling Deleted Users

This will synchronize Laserfiche Directory Server with Active Directory to handle deleted users.

Note: Any changes in the settings below will be applied in Laserfiche Directory Server on the next synchronization, unless otherwise stated.

1. Remove users deleted from Active Directory

  1. Yes: All users deleted from Active Directory are removed from Laserfiche Directory Server. See Ignore Active Directory tombstone for further configuration options.
  2. No: User licenses are freed in Laserfiche Directory Server for all users deleted from Active Directory. All user entries corresponding with the users deleted from Active Directory will remain in Laserfiche Directory Server.

2. Ignore Active Directory tombstones

This setting will only apply when Remove users deleted from Active Directory is toggled Yes.

  1. Yes: Users deleted from Active Directory are removed from Laserfiche Directory Server, ignoring the Active Directory tombstone lifetime attribute.
  2. No: Users deleted from Active Directory will be removed from Laserfiche Directory Server after the Active Directory tombstone lifetime attributes expires. For example, if the Active Directory tombstone lifetime attribute is set to 60 days, user deletion in Laserfiche Directory Server will be delayed by 60 days.

Note: Active Directory tombstone lifetime attribute defaults are configured in Active Directory, not Laserfiche Directory Server. To learn more, navigate to Microsoft Documents.

Note: An Active Directory administrator must give Laserfiche Directory Server permission to access the Active Directory tombstone lifetime attribute for user deletion to be delayed in Laserfiche Directory Server. To learn more, navigate to Required Permissions For Enabling Active Directory Group Synchronization.