KB Article | Forcepoint Support

Problem Description

How do I remove existing end-user directory service entries from the hybrid service?


Note A new method of clearing all user and group information stored in the cloud has been created and added to version 8.5.x. Contact Technical Support for assistance:

Resolution

Important Performing these steps affects security filtering for hybrid end users while the steps are being taken. 

To perform a Null Sync to remove users:

Note Do not delete any files from \SSDATA when performing the Null Sync steps. Doing so may instead trigger a full sync, which will not remove the user sync data from the cloud side as desired.  

  1. Create a new folder (Organizational Unit) in your LDAP directory and create one new user in that folder. This user must have a unique email address (entered in the email field) and must not have been synced to the cloud in the past.
  2. Log into Forcepoint Security Manager.
  3. Navigate to Settings > Hybrid Configuration > Shared User Data.
  4. In the center pane, select the Directory Agent.
    1. Take a screenshot or otherwise note the current Context, as it will need to be set back later.
    2. Set the Root Context to the path that contains the one user and set it to Context Only.
Important The user selected must be a user not previously synced. Otherwise, the user will receive an email error.
  5. Change the User searches and Group searches entries to One Level.
  6. Click OK, possibly up to 3 times through the menus.
  7. Click Save and Deploy.
  8. Navigate to Settings > Hybrid Configuration > Scheduling.
  9. Click Send User Data Now as well as Send Policy Data Now. This initiates the sync between the Directory Agent (DAS) and the hybrid portal.
  10. This creates a .ldif file in the Websense\Web Security\SSDATA folder that syncs the one test user and removes everything else from the Cloud.
  11. This process may take 30 minutes to complete.
Note Immediately after performing the Null Sync, only the one user selected will be associated with the Cloud account. After performing a Null Sync, it is typically recommended to perform a Full Sync (as discussed below) to resync the desired hybrid users.

 

To perform a Full Sync to add all users:

  1. Log into Forcepoint Security Manager.
  2. Navigate to Settings > Hybrid Configuration > Shared User Data.
  3. In the center pane, select the Directory Agent.
  4. Set the Root Context back to where the desired users and groups are located, using the notes or screenshots from the previous section.
  5. Click on Save and Deploy.
  6. Stop the Sync Service and Directory Agent Service.
    1. Open Services via the Run command services.msc.
    2. Stop the Directory Agent service.
    3. Stop the Sync Service (this will take longer to stop).
  7. Navigate to the Websense\Web Security\bin\SSDATA folder and remove the files with the .ldif extension.
  8. Navigate to the Websense\Web Security\bin\Snapshots folder and remove all files within this folder and any files in its subfolders, except backup.ini.
  9. Start the Sync Service and Directory Agent Service.
    1. Open Services via the Run command services.msc.
    2. Start the Sync Service service.
    3. Start the Directory Agent service.
  10. Navigate to Settings > Hybrid Configuration > Scheduling.
  11. Click Send User Data Now as well as Send Policy Data Now. This initiates the Full Sync.
  12. This process may take 30 minutes to 1 hour to complete.
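The service stop, file cleanup and service restart in steps 6 through 9 above, as an added PowerShell example that is not Forcepoint's own tooling. The install root and the two service display names are assumptions to confirm in services.msc before running, and the script is for the Full Sync only: deleting from SSDATA during a Null Sync would trigger a full sync instead (see the Note above).

```powershell
# Added example (not Forcepoint's own script): automates Full Sync steps 6-9.
# Install root and service display names are ASSUMPTIONS; verify in services.msc.
# Run from an elevated PowerShell session. Supports -WhatIf to preview deletions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed install root; adjust to match your deployment.
    [string]$InstallRoot = 'C:\Program Files\Websense\Web Security',
    # Assumed display names as shown in services.msc.
    [string]$DirectoryAgentService = 'Websense Directory Agent',
    [string]$SyncService = 'Websense Sync Service'
)

$ssdata    = Join-Path $InstallRoot 'bin\SSDATA'
$snapshots = Join-Path $InstallRoot 'bin\Snapshots'

foreach ($folder in @($ssdata, $snapshots)) {
    if (-not (Test-Path -LiteralPath $folder)) { throw "Expected folder not found: $folder" }
}

# Step 6: stop the Directory Agent first, then the Sync Service (slower to stop).
foreach ($name in @($DirectoryAgentService, $SyncService)) {
    $svc = Get-Service -DisplayName $name -ErrorAction Stop
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc -ErrorAction Stop
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(5))
    }
}

# Step 7: remove only the .ldif files from SSDATA; everything else stays in place.
Get-ChildItem -LiteralPath $ssdata -Filter '*.ldif' -File |
    Remove-Item -Force

# Step 8: remove every file under Snapshots and its subfolders except backup.ini.
Get-ChildItem -LiteralPath $snapshots -Recurse -File |
    Where-Object { $_.Name -ne 'backup.ini' } |
    Remove-Item -Force

# Step 9: start the Sync Service first, then the Directory Agent.
foreach ($name in @($SyncService, $DirectoryAgentService)) {
    Start-Service -DisplayName $name -ErrorAction Stop
}

Write-Verbose 'Done. Trigger Send User Data Now and Send Policy Data Now in Security Manager.'
```

Steps 10 and 11 (Scheduling > Send User Data Now / Send Policy Data Now) are still performed in the Forcepoint Security Manager console.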
Keywords: hybrid; proxy; user sync; null sync; full sync; sync service; directory agent; das; directory sync; SyncService.bat
