surajshinde
Contributor

Unable to delete LDAP Account Unit.

Dear Team,

At present we have multiple LDAP Account Units, and we want to delete them and create a single unit with multiple AD servers with the "User Directory" setting.

We have achieved it but are unable to delete the old LDAP Account Unit. It is showing the error "Object is Used by policy or by other object". Please find the attached error screenshot.

Whereas we removed it from all other objects and policies. We have checked it with "View Details"; nothing is showing.

How can I delete this LDAP Account Unit?

Check Point Manager : R81 take 23

Gateway: R81 take 13

Wolfgang
Leader

@surajshinde right-click on the LDAP-AccountUnit and use "where used". Then you know from where you have to remove the object.

As the message states, the object is in use in another configuration. It should be removed there before deleting.

surajshinde
Contributor

When we tried to check "where used", it is showing empty. PFA.
Is there any latent way to identify where it is used from the CLI?

surajshinde
Contributor

Dear Team,

I have checked in SmartDashboard and found one entry. PFA. But I am unable to delete that object.

Also, this object is not found through SmartConsole.

How can I delete it?

Tobias_Moritz
Advisor

I guess you have an Access Role in your database which still references this AD group object, while this AD group object references the LDAP Account Unit you want to delete. Use CPMI (GuiDBedit for example) to search for this object (ad_group_IT_Users).

When you have found the Access Role(s) which use(s) this AD group object, remove the AD group from the Access Role object(s) using SmartConsole. After that (at least after publish and install database), try to remove the LDAP Account Unit again.

If it is still saying it is in use, then use GuiDBedit to search for other references to the LDAP Account Unit that SmartConsole is not able to find with its where-used feature.

The main problem here is that SmartConsole's where-used feature cannot display all references of all objects. CPMI usually can.

surajshinde
Contributor

Hello Tobias_Moritz,

Thank You...!

It worked. I have checked in the GuiDBedit database and the object "ad_group_IT_Users" was there. I have verified and deleted this object.

After this object deletion, I am able to delete the LDAP Account Unit that belongs to this object.