Home / Identity Administration / User Accounts and Groups / Current: Removing Accounts from Groups
When user accounts no longer meet the criteria for belonging to a group, you can remove those accounts them from the group. When you do so, any entitlements and delegations they received from the group via a policy will be are handled in accordance with that policy.
For example, if you have a group with anan Exchange mailbox RET policy that specifies the mailbox be deprovisioned when a member is no longer a member, removed users will lose their mailboxes.
This topic demonstrates how to remove an account from a group in EmpowerID and is divided into the following activities:
- Removing accounts from a group
- Verifying the accounts were removed from the group in EmpowerID
- Verifying the accounts were removed from the group in Active Directory
.
To remove an account from a group
- From In the Navigation Sidebar of the EmpowerID Web interface, navigate to the Find Groups page by expanding expand Identities and clicking click Groups.
Search for the group from which you want to remove user accounts and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.
Info In the following image, the Locations pane has been collapsed to conserve screen real estate.
- Click the Remove Accounts from Groups action.
- In the Account Lookup that appears, search for the account you want to remove from the group.
- Tick the box beside the group to select it.
- Repeat, steps 5 and 6, adding as many accounts as needed.
- When you have finished adding accounts, click Submit.
- Click OK to close the Operation Execution Summary.
To verify that EmpowerID removed the accounts from the group
- Search for the group from which you just removed the account(s).
- From the grid, click the Logon Name link for the group.
This directs you to the View One page for the group. View One pages allow you to view details about an object in EmpowerID and make changes to those objects as needed. - From the View One page, expand the Group Members accordion and search for the accounts you removed from the group. You should see no records for those accounts.
- Next, navigate to the Audit Log by expanding System Logs in the Navigation Sidebar and clickingAudit Log.
- In the Audit Log, click the Group Membership Changes tab. You should see a record for each account you removed from the group.
To verify the user account is removed from the group in Active Directory
- Open Active Directory Users and Computers and search for the group from which you removed the user account(s).
- Open the Properties dialog for the group and click the Members tab. You should see that the accounts are not listed as members.
Info | ||||
---|---|---|---|---|
| ||||
|
...
|