A technician is unable to delete an Active Directory user account using ADManager Plus but the same is possible from ADUC console.

A technician is unable to delete an Active Directory user account using ADManager Plus but the same is possible from ADUC console.

ADManager Plus, an IGA tool, offers purpose built features for Active Directory (AD), Microsoft 365, Exchange, and Google workspace management and reporting operations. To successfully perform the required operation in these platforms, ADManager Plus requires an admin account with sufficient privileges to carry out the desired operations in AD.

Possible reason 

If you find that the technician or admin is unable to delete a user account through ADManager Plus, but can do so using the Active Directory Users and Computers (ADUC) console, it's likely due to permission issues. The admin account, which is a part of the domain configured in the Domain/Tenant Settings of ADManager Plus might not have effective permissions to delete subtree.

Steps to resolve this issue:

  1. Log in to ADManager Plus.

  1. Go to the Domain/Tenant Settings link in the top right corner.

  1. Make a note of the first domain controller in the list, and also the credentials used for that domain controller.

  1. Login to that domain controller using the credentials provided in the Domain/Tenant Settings section.

  1. Open the ADUC console, and locate the admin account.

  1. Right click that user account and click Properties > Security > Effective Access. Enter the name of the admin account provided in ADManager Plus' Domain/Tenant Settings and click the View effective access option.

  1. If the Delete subtree permissions has been disabled, enable it.

This should resolve this issue. If the admin is not able to delete the user accounts even after granting these permissions, please get in touch with us at support@admanagerplus.com

                  New to ADSelfService Plus?

                    • Related Articles

                    • Microsoft 365 license management using ADManager Plus

                      This article will explain how you can assign and revoke Microsoft 365 licenses using ADManager Plus. With ADManager Plus, you can: Assign Microsoft 365 licenses while creating users. Modify Microsoft 365 licenses for existing users. Remove Microsoft ...
                    • How to integrate ADManager Plus with ServiceDesk Plus

                      The ADManager Plus-SeviceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ServiceDesk Plus console, administrators or help desk technicians can perform ...
                    • Active Directory-ADManager Plus data synchronization

                      Objects in Active Directory (AD) have to be synced and updated to ADManager Plus as frequently as possible for an unobstructed AD management and reporting experience. ADManager Plus triggers different types of sync at different time intervals, ...
                    • Using a Managed Service Account (MSA or gMSA) in ADManager Plus

                      A Managed Service Account (MSA) or group Manage Service Account (gMSA) is a more secure and scalable service account with the characteristics of a computer object. The passwords of MSAs/gMSAs are random and are automatically updated by the Windows ...
                    • Microsoft365 License Management using ADManager Plus

                      Microsoft 365 License Management using ADManager Plus The M365 licenses can be managed by the following methods, Using the License Management section under Microsoft 365 tab. Managing licenses using user creation/modification templates. Using the ...