A technician is unable to delete an Active Directory user account using ADManager Plus but the same is possible from ADUC console.
ADManager Plus, an IGA tool, offers purpose built features for Active Directory (AD), Microsoft 365, Exchange, and Google workspace management and reporting operations. To successfully perform the required operation in these platforms, ADManager Plus requires an admin account with sufficient privileges to carry out the desired operations in AD.
Possible reason
If you find that the technician or admin is unable to delete a user account through ADManager Plus, but can do so using the Active Directory Users and Computers (ADUC) console, it's likely due to permission issues. The admin account, which is a part of the domain configured in the Domain/Tenant Settings of ADManager Plus might not have effective permissions to delete subtree.
Steps to resolve this issue:
Log in to ADManager Plus.
Go to the Domain/Tenant Settings link in the top right corner.
Make a note of the first domain controller in the list, and also the credentials used for that domain controller.
Login to that domain controller using the credentials provided in the Domain/Tenant Settings section.
Open the ADUC console, and locate the admin account.
Right click that user account and click Properties > Security > Effective Access. Enter the name of the admin account provided in ADManager Plus' Domain/Tenant Settings and click the View effective access option.
If the Delete subtree permissions has been disabled, enable it.
New to ADSelfService Plus?
Related Articles
How to integrate ADManager Plus with ServiceDesk Plus?
Objective: To integrate ADManager Plus with ServiceDesk Plus Solution: The ADManager Plus-ServiceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ...Microsoft 365 license management using ADManager Plus
This article will explain how you can assign and revoke Microsoft 365 licenses using ADManager Plus. With ADManager Plus, you can: Assign Microsoft 365 licenses while creating users. Modify Microsoft 365 licenses for existing users. Remove Microsoft ...How to integrate ADManager Plus with ServiceDesk Plus
The ADManager Plus-SeviceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ServiceDesk Plus console, administrators or help desk technicians can perform ...How to synchronize ADManager Plus with Active Directory?
Objective: To refresh ADManager Plus by synchronizing its database with Active Directory. Steps to synchronize ADManager Plus with Active Directory Note: By default, ADManager Plus will automatically sync with AD (User, Groups, Computer, Contact and ...Using a Managed Service Account (MSA or gMSA) in ADManager Plus
A Managed Service Account (MSA) or group Manage Service Account (gMSA) is a more secure and scalable service account with the characteristics of a computer object. The passwords of MSAs/gMSAs are random and are automatically updated by the Windows ...