In RSA Authentication Manager, you can clean up unresolvable users manually on an as-needed basis. The cleanup process removes the association between the users in an LDAP directory and RSA-specific data in the internal database.
Before you begin
You must be a Super Admin.
In the Authentication Manager Security Console, click Setup > Identity Sources > Clean Up Unresolvable Users.
Select the name of the identity source that you want to clean up, or select All.
In the Grace Period field, do one of the following:
If you want to clean up users who have been unresolvable for more than the specified number of days, select the checkbox.
If you want to clean up users immediately when they are found to be unresolvable, clear the checkbox.
The Grace Period is used to prevent cleanup for any users and user groups that may have been mistakenly removed from the directory or moved to an OU out of scope of the identity source. You can specify how many days the users must be unresolvable before they are cleaned up, and take corrective action beforehand. By default, this field is enabled to clean unresolvable users after seven days.
The list of unresolvable users builds and displays in the Preview panel when complete. The Preview displays up to 500 results at a time. If you see exactly 500 results, you may need to clean up additional users. In this case, RSA recommends running a report based on the Users and User Groups Missing From Identity Source report template to view a complete list of unresolvable users. For more information, see Add a Report.
In the Preview pane, review the list of users. Click the column names to sort the list. If the list is empty, there are no unresolvable users.
Click Clean Up Now.
Note:You cannot cancel the cleanup. When you click Clean Up Now, all associations between the users and objects in the internal database are removed.
When the clean up process completes, the Configure Settings pane displays a success message.