2.7.2.8 Delete an Account - Client Application
In this use case, an administrator wants to delete an account from the directory to prevent its further use. The administrator launches a client application to delete an account. The client application establishes a connection to the Active Directory system.
Goal
Delete an account in the directory.
Context of Use
An administrator wants to delete an account from the directory to prevent its further use.

Figure 21: Use case diagram for deleting an account
Actors
Client application
The client application is the primary actor. It is the entity that prepares the connection to the directory server, submits the request to delete an account, and relays the response to the administrator.
Windows Authentication Services
Windows Authentication Services [MS-AUTHSOD] is the supporting actor that authenticates the administrator's identity so that the Active Directory system can make access-control decisions.
Directory server
The directory server is the supporting actor that receives the deletion request and deletes the account from the directory.
Stakeholders
Administrator
The administrator initiates operations such as create, reset, change, query for group members, create a security group, modify the group member list, and delete on an account. The administrator primarily wants to receive information that the operations are successfully completed or receive an error message if they failed.
Directory
The directory is the entity that contains the account being deleted.
Preconditions
The system-wide preconditions, as described in section 2.6, are satisfied. The Active Directory system completes initialization, as described in section 2.6.
The client application has connectivity to a directory server to which it can establish a connection, if it is not already connected, and send the request.
The account that is being deleted exists.
Main Success Scenario
Trigger: The administrator provides the account name of the account to be deleted as input to the client application with credentials and invokes the operation that deletes an account.
1. The client application establishes a connection to the directory server. Windows Authentication Services authenticates the client application using the supplied credentials ([MS-AUTHSOD] section 2).
2. The client application sends a request to the directory server to delete the account.
3. The directory server verifies that the credentials that are supplied through the client application have the necessary access-control rights to complete the operation ([MS-ADTS] section 5.1.3).
4. The directory server deletes the object in the directory that represents the account with the account name that the client supplies. Additional processing tasks that are mandated by the server's processing rules and constraints might occur ([MS-ADTS] sections 3.1.1.5.1 and 3.1.1.5.3).
5. The directory server sends a response to the client application indicating that the account has been successfully deleted.
Postcondition
The account is no longer available.
Extensions
If the credentials that are supplied through the client application have insufficient access-control rights to delete the account:
1-4. Same as Main Success Scenario.
5. The directory server sends a response to the client application that the supplied credentials have insufficient access-control rights to delete the account.
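The following added example, which is not part of the original specification, walks through this use case with the ActiveDirectory PowerShell module acting as the client application. It checks the precondition, submits the deletion, separates the insufficient-rights extension from success, and confirms the postcondition. The function name, result labels, account name and server name are hypothetical.

```powershell
# Added example: the ActiveDirectory module plays the role of the client application.
# Remove-DirectoryAccount, its result labels and the sample values are hypothetical.
Import-Module ActiveDirectory

function Remove-DirectoryAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AccountName,      # account name supplied by the administrator
        [Parameter(Mandatory)] [string] $Server,           # directory server to connect to
        [Parameter(Mandatory)] [pscredential] $Credential  # credentials used for authentication
    )

    # Every call targets the same server with the same credentials and fails loudly.
    $common = @{ Server = $Server; Credential = $Credential; ErrorAction = 'Stop' }

    # Precondition: the account that is being deleted exists.
    try {
        $account = Get-ADUser -Identity $AccountName @common
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return [pscustomobject]@{ Account = $AccountName; Result = 'NotFound' }
    }

    # Main Success Scenario: connect, authenticate, send the delete request, read the response.
    try {
        Remove-ADUser -Identity $account.DistinguishedName -Confirm:$false @common
    }
    catch [System.UnauthorizedAccessException] {
        # Extension: the server rejected the request because the credentials lack
        # the access-control rights to delete the account. This example assumes the
        # module surfaces that response as UnauthorizedAccessException.
        return [pscustomobject]@{ Account = $AccountName; Result = 'InsufficientAccessRights' }
    }

    # Postcondition: the account is no longer available on the server that handled the request.
    try {
        Get-ADUser -Identity $account.DistinguishedName @common | Out-Null
        $result = 'StillPresent'
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $result = 'Deleted'
    }
    [pscustomobject]@{ Account = $AccountName; Result = $result }
}

# Constructed sample invocation; 'jdoe' and 'dc01.example.test' are placeholders.
Remove-DirectoryAccount -AccountName 'jdoe' -Server 'dc01.example.test' -Credential (Get-Credential)
```

The postcondition check queries the same directory server that processed the deletion, so it does not depend on replication to other servers.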