https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120367#M17060 <P>I guess you have an Access Role in your database which still references to this AD group object while this AD group object references to the LDAP Account Unit you want to delete. Use CPMI (GuiDBedit for example) to search for this object (ad_group_IT_Users).</P> <P>When you found the Access Role(s) which use(s) this ad group object, remove the ad group from this Access Role object(s) using SmartConsole. After that (at least after publish and install database), try to remove the LDAP Account unit again.</P> <P>If it is still saying it is in use, then use GuiDBedit to search for other references for the LDAP Account Unit, SmartConsole is not able to find with its where-used feature.</P> <P>The main problem here it, that SmartConsoles where-used feature cannot display all references of all objects. CPMI usually can.</P> Fri, 04 Jun 2021 13:38:32 GMT Tobias_Moritz 2021-06-04T13:38:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120299#M17037 <P>Dear Team,</P><P>In preset we have multiple LDAP account Unit and we want delete it and create single unit with multiple AD sever with setting of " User Directory" .</P><P>We have Achieved it but <STRONG>unable to delete old LDAP account unit.</STRONG> it is showing Error"&nbsp; Object is Used by policy or by other object". Please find attached error screen shot.&nbsp;</P><P>Where as we removed it from all other object and policy. we have check with it "View Details" noting is showing.</P><P><FONT color="#0000FF"><STRONG>How can i delete this LDAP account unit?</STRONG></FONT></P><P>Check Point Manager : R81 take 23</P><P>Gateway: R81 take 13</P> Thu, 03 Jun 2021 14:25:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120299#M17037 surajshinde 2021-06-03T14:25:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120312#M17042 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/60476">@surajshinde</a>&nbsp; right click on the LDAP-AccountUnit and use „where used“. Then you know from where to have to remove the object.</P> <P>As the messages states, objectors in use in another configuration. There it should be removed before deleting.</P> Thu, 03 Jun 2021 18:34:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120312#M17042 Wolfgang 2021-06-03T18:34:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120341#M17051 <P>When we tried to check " where used" it showing empty. PFA.&nbsp;<BR />Is there any latent way to identify where it is used from CLI.</P> Fri, 04 Jun 2021 07:07:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120341#M17051 surajshinde 2021-06-04T07:07:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120352#M17056 <P>Dear Team,</P><P>I have checked in Smart Dash board and found one entry. PFA. But unable to delete that object.</P><P>Also this object not find through Smart console.</P><P>How can i delete.&nbsp;</P><P>&nbsp;</P> Fri, 04 Jun 2021 09:47:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120352#M17056 surajshinde 2021-06-04T09:47:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120367#M17060 <P>I guess you have an Access Role in your database which still references to this AD group object while this AD group object references to the LDAP Account Unit you want to delete. Use CPMI (GuiDBedit for example) to search for this object (ad_group_IT_Users).</P> <P>When you found the Access Role(s) which use(s) this ad group object, remove the ad group from this Access Role object(s) using SmartConsole. After that (at least after publish and install database), try to remove the LDAP Account unit again.</P> <P>If it is still saying it is in use, then use GuiDBedit to search for other references for the LDAP Account Unit, SmartConsole is not able to find with its where-used feature.</P> <P>The main problem here it, that SmartConsoles where-used feature cannot display all references of all objects. CPMI usually can.</P> Fri, 04 Jun 2021 13:38:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120367#M17060 Tobias_Moritz 2021-06-04T13:38:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120409#M17065 <P>Hello Tobias_Moritz,</P><P>Thank You...!</P><P>It worked. I have checked in&nbsp;<SPAN>GuiDBedit Database and that object "ad_group_IT_Users" was there. I have verify &amp; delete this object.</SPAN></P><P><SPAN>After this object deletion, i am able to delete LDAP account unit that belongs to this object.&nbsp;</SPAN></P> Sat, 05 Jun 2021 07:38:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-delete-LDAP-Account-Unit/m-p/120409#M17065 surajshinde 2021-06-05T07:38:51Z