cancel
Showing results for 
Search instead for 
Did you mean: 

Deletion of User

Ckumar
Contributor
0 Kudos


Hi all,

I am using SAP IDM 7.2

Today i was trying to delete one user from IDM by using Delete Identity.

while deletion i got following error in the job Log

putNextEntry failed storing


Exception from Modify operation:com.sap.idm.ic.ToPassException:

ToIDStore.modEntry failed updating entry 'MX_PERSON'. IDStore returned error
message: "Entry does not exist" when fetching entry

at the same time i checked the user status in IDM and AD and found that it has been not deleted from both IDM and AD.

But after 1 hour i found that users has been deleted from IDM while it still exist in IDM.

Could you please share why i am facing such issue and what is the actual meaning of above error.

Thanks in Advance.

Regards,

C kumar

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

I assume that

But after 1 hour i found that users has been deleted from IDM while it still exist in IDM.

Is suppoed to be AD at some point...

When disabling an identity, there are issues in that you have disabled them before running all the subtasks.  These subtasks (SetABAPRoles...) don't work on disabled users.

It's easier to change the attribute, so that you trigger the disable on Z_DISABLE_STAGING, process all the 'disable jobs' and then set the MX_DISABLED attribute at the end when nothing else has to be processed.  You can either do it on a timed thing (30 minutes later), or set it on a 'success' process after all tasks are complete.

Peter

Ckumar
Contributor
0 Kudos

Thanks Peter,
thanks for rectifying me

You are right
its... But after 1 hour i found that users has been deleted from IDM while it still exist in AD.

At the same time i deleted few more users and they have deleted successfully from both AD and IDM, while i faced above issue for the one user.

Could you please guide me how its possible??

Regards,

C Kumar



former_member2987
Active Contributor
0 Kudos

Are you looking at the correct AD server?  If replication is involved through a DC it could take some time for the account to be disabled.

Matt

Former Member
0 Kudos

Which job actually returned the error?  There is, iirc, a few subtasks under the delete user set...

Also, check the provisioning queue and make sure things are returning what you expect (for switch tasks etc)