Home / Identity Administration / User Accounts and Groups / Current: Removing Accounts from Groups
When user accounts no longer meet the criteria for belonging to a group, you can remove those accounts from the group. When you do so, any entitlements and delegations they received from the group via a policy will be handled in accordance with that policy. For example, if you have a group with anExchange mailbox RET policy that specifies the mailbox be deprovisioned when a member is no longer a member, removed users will lose their mailboxes.
This topic demonstrates how to remove an account from a group in EmpowerID and is divided into the following activities:
- Removing accounts from a group
- Verifying the accounts were removed from the group in EmpowerID
- Verifying the accounts were removed from the group in Active Directory
To remove an account from a group
- From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Find Groups page by expanding Identities and clicking Groups.
- Search for the group from which you want to remove user accounts and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.
- Click the Remove Accounts from Groups action.
- In the Account Lookup that appears, search for the account you want to remove from the group.
- Tick the box beside the group to select it.
- Repeat, steps 5 and 6, adding as many accounts as needed.
- When you have finished adding accounts, click Submit.
- Click OK to close the Operation Execution Summary.
To verify that EmpowerID removed the accounts from the group
- Search for the group from which you just removed the account(s).
- From the grid, click the Logon Name link for the group.
- From the View One page, expand the Group Members accordion and search for the accounts you removed from the group. You should see no records for those accounts.
- Next, navigate to the Audit Log by expanding System Logs in the Navigation Sidebar and clickingAudit Log.
- In the Audit Log, click the Group Membership Changes tab. You should see a record for each account you removed from the group.
To verify the user account is removed from the group in Active Directory
- Open Active Directory Users and Computers and search for the group from which you removed the user account(s).
- Open the Properties dialog for the group and click the Members tab. You should see that the accounts are not listed as members.
- Related Topics
Concepts:
- Understanding Inventory
- Understanding the Account Inbox
- Understanding Projection and EnforcementUnderstanding Projection and Enforcement
Administrative Procedures:
- Creating User Accounts
- Editing Account Attributes
- Creating Groups
- Adding Accounts to Groups
- Adding Groups to Groups
- Adding Groups to Roles
- Creating Dynamic Group Memberships
- Importing Users and Groups
- Removing Accounts from Groups
- Deleting User Accounts
- Restoring Deleted User Accounts
- Deleting Groups
- Restoring Deleting Groups