
SecurID® Discussions

StewartKessler
New Contributor

RSA security console unassign token from unknown user when a user has been deleted from Active Directory


That is cool, I understand that that is due to the user being removed from AD. The question is how to find out what user was assigned the token? We will need to get the Fob back so we need to know who Unknown was. Is there a report that will show who was originally assigned the Token?

Stewart Kessler

Accepted Solutions
JayGuillette
Apprised Contributor

If the AD user was straight up deleted, when you run a Clean up job, the token will be unassigned from this no longer existing user.

You can run this clean up job manually, and individually check all the no longer existing users found and then click to unassign all the tokens, or you can schedule these jobs to automatically run every night or every few days or whatever, but with a grace period, because we have heard, very rarely, but sometimes the AD Administrators mistakenly delete users (yeah I know what you are thinking, that could never happen!) so if that has happened, you can wait a few days before unassigning those tokens.

If the AD people did delete a user, and then recreated the same user, the AM Identity source would still find that user even though their ObjectGUID had changed, because all the other information is the same, first and last name, UserID, DN.  
