Skip to main content

How to decommission AD/LDAP user provisioning

How to decommission AD/LDAP user provisioning

Updated over a week ago

Overview

This article provides the procedure to properly decommission an existing Active Directory (AD) or LDAP integration from the Druva console. This process is a necessary prerequisite for administrators planning to migrate from AD/LDAP to a different user provisioning method to avoid false positive alerts of connector disconnection.

Decommissioning AD/LDAP

This procedure details the steps to remove all dependencies on the existing AD/LDAP integration.

Prerequisites

  • Before you begin, it is highly recommended that you capture screenshots of all existing AD/LDAP mappings. This will serve as a reference for noting the filters, which will be helpful when creating new mappings in a different identity provider or user provisioning method.

Steps

  1. Remove AD/LDAP Dependency from Profiles:

    • Navigate to each user profile.

    • Click Edit.

    • Under the General tab, change the Login Using method to inSync password. This removes the dependency on the AD/LDAP login method for each profile.

2. Delete AD/LDAP Mappings:

  • Navigate to the User Provisioning page.

  • Select all AD/LDAP mappings and proceed to delete them. All mappings must be removed before continuing to the next step.

3. Delete AD/LDAP Accounts:

  • Navigate to the Druva Cloud Settings page and then to the AD/LDAP page.

  • Under the Account tab, delete all configured AD/LDAP accounts.

4. Delete AD/LDAP Connector:

  • Navigate to the Druva Cloud Settings page and then to the AD/LDAP page.

  • Delete all configured AD/LDAP connectors.

Once all the above actions are completed, the AD/LDAP user provisioning is successfully decommissioned. You can now proceed to configure a new provisioning method from the user provisioning page.

See also

Did this answer your question?