3.2.8 Example 8: Delete a User Account
In this example, an administrator deletes a user account. This includes directory objects of class user as well as objects of classes that are derived from the user class. One way to delete a user account is to use LDAP. To perform this task, an administrator runs a client application on a client computer and targets a directory server in the Active Directory system. The client application uses LDAP to delete the user account.
This example applies only to AD DS.
This example uses LDAP.
This example covers the use case in section 188.8.131.52, Delete an Account - Client Application.
Prerequisites
The general requirements described in section 2.6, Assumptions and Preconditions, are met.
Initial System State
The Active Directory system meets all preconditions described in section 184.108.40.206.
Final System State
The specified user object is successfully converted into a tombstone or deleted-object, depending on whether the Recycle Bin optional feature is enabled, as specified in [MS-ADTS] sections 220.127.116.11.5.1.1 and 18.104.22.168.5.1.2.
Sequence of Events
The following sequence diagram shows the message flow that is associated with this example.
Figure 53: Message flow for deleting a user account
Unless otherwise noted, all responses that include a return code contain a return code that indicates that the operation was performed successfully.
1. The user interacts with the client application and provides details of the search criteria to be performed on the directory tree. The client application sends an LDAP search request ([RFC2251] section 4.5.1) to the server, querying the entire domain. It starts at the root of the domain, looks for the user ([MS-ADSC] section 2.246), and requests the user's distinguishedName attribute.
2. The server sends an LDAP search response ([RFC2251] section 4.5.2) that contains the distinguishedName attribute of the user.
3. The client application sends an LDAP delete request ([RFC2251] section 4.8) to the server that contains the distinguishedName attribute of the user to be deleted.
4. The server processes the delete request ([RFC2251] section 4.8), verifies the processing rules and constraints, and then deletes the user object ([MS-ADTS] section 22.214.171.124.5). It then sends an LDAP delete response ([RFC2251] section 4.8) that indicates success.
5. The client application sends an LDAP unbind request ([RFC2251] section 4.3) to the server. The LDAP connection to the directory server is closed.
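The following is an added example, not part of this specification, that shows the wire format of the three client messages in the sequence above (SearchRequest, DelRequest, UnbindRequest) and parses the server's DelResponse to check its result code. It is a hand-written BER encoder for the [RFC2251] message shapes rather than a client library, so it runs offline; the domain `DC=example,DC=com`, the account name `alice`, and the search filter `(&(objectClass=user)(sAMAccountName=alice))` are assumed values chosen for illustration (the page only says the client "looks for the user" and requests `distinguishedName`). The sample DelResponse bytes are constructed here to show a successful LDAPResult (resultCode 0); no real server was involved.

```python
"""Minimal BER/LDAPv3 message builder for the delete-account exchange (added example)."""


def _ber_len(n: int) -> bytes:
    """BER definite-form length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def _int(value: int, tag: int = 0x02) -> bytes:
    """Two's-complement INTEGER (0x02) or ENUMERATED (0x0A)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(tag, body)


def _octets(s: str, tag: int = 0x04) -> bytes:
    return _tlv(tag, s.encode("utf-8"))


def _message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE }"""
    return _tlv(0x30, _int(message_id) + protocol_op)


def equality_filter(attr: str, value: str) -> bytes:
    """Filter CHOICE equalityMatch [3] AttributeValueAssertion (context tag 0xA3)."""
    return _tlv(0xA3, _octets(attr) + _octets(value))


def and_filter(*filters: bytes) -> bytes:
    """Filter CHOICE and [0] SET OF Filter (context tag 0xA0)."""
    return _tlv(0xA0, b"".join(filters))


def search_request(message_id: int, base_dn: str, filt: bytes, attributes: list) -> bytes:
    """SearchRequest ::= [APPLICATION 3] SEQUENCE (RFC 2251 section 4.5.1), wholeSubtree scope."""
    body = (
        _octets(base_dn)
        + _int(2, 0x0A)                     # scope: wholeSubtree (2)
        + _int(0, 0x0A)                     # derefAliases: neverDerefAliases (0)
        + _int(0) + _int(0)                 # sizeLimit, timeLimit: 0 = no client-side limit
        + _tlv(0x01, b"\x00")               # typesOnly: FALSE
        + filt
        + _tlv(0x30, b"".join(_octets(a) for a in attributes))  # AttributeDescriptionList
    )
    return _message(message_id, _tlv(0x63, body))


def del_request(message_id: int, dn: str) -> bytes:
    """DelRequest ::= [APPLICATION 10] LDAPDN (RFC 2251 section 4.8); primitive, so tag 0x4A."""
    return _message(message_id, _octets(dn, 0x4A))


def unbind_request(message_id: int) -> bytes:
    """UnbindRequest ::= [APPLICATION 2] NULL (RFC 2251 section 4.3)."""
    return _message(message_id, _tlv(0x42, b""))


def _read_tlv(buf: bytes, pos: int):
    tag, pos = buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_del_response(msg: bytes):
    """Decode DelResponse ::= [APPLICATION 11] LDAPResult; returns (id, resultCode, matchedDN, errorMessage)."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, id_bytes, pos = _read_tlv(body, 0)
    op_tag, op, _ = _read_tlv(body, pos)
    if op_tag != 0x6B:
        raise ValueError("protocolOp is not a DelResponse")
    _, rc, pos = _read_tlv(op, 0)
    _, matched, pos = _read_tlv(op, pos)
    _, err, _ = _read_tlv(op, pos)
    return (int.from_bytes(id_bytes, "big", signed=True), int.from_bytes(rc, "big"),
            matched.decode("utf-8"), err.decode("utf-8"))


# Constructed sample of a successful DelResponse for messageID 2: resultCode success (0),
# empty matchedDN and errorMessage. Not captured from a real server.
SAMPLE_DELETE_SUCCESS = bytes.fromhex("300c0201026b070a010004000400")

if __name__ == "__main__":
    base_dn = "DC=example,DC=com"                        # assumed domain
    user_dn = "CN=Alice,CN=Users,DC=example,DC=com"      # assumed DN returned by the search
    filt = and_filter(equality_filter("objectClass", "user"),
                      equality_filter("sAMAccountName", "alice"))
    print("1 search :", search_request(1, base_dn, filt, ["distinguishedName"]).hex())
    print("3 delete :", del_request(2, user_dn).hex())
    print("4 result :", parse_del_response(SAMPLE_DELETE_SUCCESS))
    print("5 unbind :", unbind_request(3).hex())
```

Two points the encoding makes visible: the `objectClass=user` filter also matches objects of classes derived from user, because `objectClass` carries the whole inheritance chain, which is why the page's scope statement covers derived classes; and the DelResponse is the only confirmation the client gets, so a client must check `resultCode == 0` rather than assuming success before unbinding.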