When you make users inactive in your directory service, the corresponding Workspace ONE UEM and Workspace ONE Express accounts are affected in a similar way, but only if the following prerequisites are met.

  • Syncing of removed users works with Active Directory only.
  • The user name you entered in the Bind User Name option must have Active Directory administrator privileges.
    • Check this name by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Directory Services, and in the Server tab, look for the Bind User Name text box.
    • Workspace ONE Express customers can find the Bind User Name text box in the same Server tab by navigating to Groups & Settings, then selecting Directory Services from the Name column.
  • You can allow non-administrators in Active Directory to access the deleted objects container, provided you follow the steps outlined in the following Microsoft Support article. https://support.microsoft.com/en-in/help/892806/how-to-let-non-administrators-view-the-active-directory-deleted-object.
  • The recycle bin must also be enabled using the Active Directory Administrative Center, but only if you are deleting users in AD.
    1. Open the Active Directory Administrative Center.
    2. Select the domain, then right-click the domain.
    3. Select Enable Recycle Bin. Once enabled, the recycle bin cannot be disabled.
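
To confirm these prerequisites before relying on the sync, the following added example (not part of the original documentation or any VMware tooling) checks whether the Recycle Bin is enabled and whether a given account can read the deleted objects container. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the `-BindCredential` parameter are hypothetical.

```powershell
# Added example: verify the Active Directory prerequisites described above.
# Requires the ActiveDirectory module (RSAT). Read-only; changes nothing in AD.
Import-Module ActiveDirectory

function Test-DirectorySyncPrerequisites {
    param(
        # Optional credential of the bind account to test (hypothetical parameter).
        # Without it, the checks run as the current user.
        [System.Management.Automation.PSCredential]$BindCredential
    )

    # Pass the credential to each cmdlet only when one was supplied.
    $auth = @{}
    if ($BindCredential) { $auth.Credential = $BindCredential }

    $domain = Get-ADDomain @auth

    # The Recycle Bin is an optional feature; it is on when a scope is listed.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"' @auth
    $recycleBinOn = [bool]($feature -and @($feature.EnabledScopes).Count -gt 0)

    # Try to read the deleted objects container with the tested identity.
    $canRead = $false
    $deletedCount = 0
    try {
        Get-ADObject -Identity $domain.DeletedObjectsContainer `
            -IncludeDeletedObjects -ErrorAction Stop @auth | Out-Null
        $canRead = $true
        # Count deleted objects of class "user" (this class also covers computers).
        $deletedCount = @(Get-ADObject -SearchBase $domain.DeletedObjectsContainer `
            -IncludeDeletedObjects -ErrorAction Stop @auth `
            -Filter 'isDeleted -eq $true -and objectClass -eq "user"').Count
    } catch {
        Write-Warning "Cannot read $($domain.DeletedObjectsContainer): $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Domain                 = $domain.DNSRoot
        RecycleBinEnabled      = $recycleBinOn
        DeletedObjectsReadable = $canRead
        DeletedUserClassCount  = $deletedCount
    }
}

# Run as the current user, or add: -BindCredential (Get-Credential)
Test-DirectorySyncPrerequisites
```

If `DeletedObjectsReadable` is false for the bind account, either grant it administrator privileges or delegate access to the container as described in the Microsoft Support article above.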