KB Article | Forcepoint Support

Problem Description

How do I remove existing end-user directory service entries from the hybrid service?


NOTE: A new method of clearing all user and group information stored in the cloud has been created and added to version 8.5.x. Contact Technical Support for assistance.

Resolution

Important: Performing these steps affects security filtering for hybrid end users while the steps are being taken.

To perform a Null Sync to remove users:

Note: No files are deleted for the Null Sync. This matters because deleting the files would turn it into a Full Sync, which may not remove all user sync data from the cloud side.

  1. Create a new folder (Organizational Unit) in your LDAP directory and create one new user in that folder. This user must have a unique email address (entered in the email field) and must not have been synced to the cloud in the past.
  2. Log into Forcepoint Security Manager.
  3. Navigate to Settings > Hybrid Configuration > Shared User Data.
  4. In the center pane, select the Directory Agent.
    1. Take a screenshot or otherwise note the current Context, as it will need to be set back later.
    2. Set the Root Context to the path that contains the one user and set it to Context Only.
       Important: The user selected must be a user not previously synced. Otherwise, the user will receive an email error.
    3. Change the User searches and Group searches entries to One Level.
  5. Click OK, possibly up to 3 times through the menus.
  6. Click Save and Deploy.
  7. Navigate to Settings > Hybrid Configuration > Scheduling.
  8. Click Send User Data Now as well as Send Policy Data Now. This initiates the sync between the Directory Agent (DAS) and the hybrid portal.
  9. This creates a .ldif file in the Websense\Web Security\SSDATA folder that syncs the one test user and removes everything else from the cloud.
  10. This process may take 30 minutes to complete.


To perform a Full Sync to add all users:

  1. Log into Forcepoint Security Manager.
  2. Navigate to Settings > Hybrid Configuration > Shared User Data.
  3. In the center pane, select the Directory Agent.
  4. Set the Root Context back to where the desired users and groups are located, using the notes or screenshots from the previous section.
  5. Click Save and Deploy.
  6. Stop the Sync Service and Directory Agent service.
    1. Open Services (run services.msc).
    2. Stop the Directory Agent service.
    3. Stop the Sync Service (this will take longer to stop).
  7. Navigate to the Websense\Web Security\bin\SSDATA folder and remove the files with the .ldif extension.
  8. Navigate to the Websense\Web Security\bin\Snapshots folder and remove all files within this folder and any files in its subfolders, except backup.ini.
  9. Start the Sync Service and Directory Agent service.
    1. Open Services (run services.msc).
    2. Start the Sync Service.
    3. Start the Directory Agent service.
  10. Navigate to Settings > Hybrid Configuration > Scheduling.
  11. Click Send User Data Now as well as Send Policy Data Now. This initiates the Full Sync.
  12. This process may take 30 minutes to 1 hour to complete.
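The service-stop, file-cleanup and service-start portion of the Full Sync (steps 6 through 9) is easy to get wrong by hand: deleting backup.ini, missing files in Snapshots subfolders, or bringing the services back before the folders are actually empty. The PowerShell script below is an added example for this article, not Forcepoint's own tooling. The install root and the two Windows service names are assumptions (placeholders); look them up on your server before running, and use the -DryRun switch first to see what would be stopped and deleted without changing anything.

```powershell
<#
 Added example (not Forcepoint's tooling): automates Full Sync steps 6-9.
 ASSUMPTIONS: $InstallRoot and both service names are placeholders; find the
 real values with:  Get-Service | Where-Object { $_.DisplayName -like '*Websense*' }
 Run from an elevated PowerShell prompt. -DryRun previews without making changes.
#>
param(
    [string]$InstallRoot        = 'C:\Program Files\Websense',     # assumed; adjust
    [string]$DirectoryAgentName = 'DIRECTORY_AGENT_SERVICE_NAME',  # placeholder
    [string]$SyncServiceName    = 'SYNC_SERVICE_NAME',             # placeholder
    [switch]$DryRun
)

$ErrorActionPreference = 'Stop'

# Folders named in the article, relative to the install root.
$ssdata    = Join-Path $InstallRoot 'Web Security\bin\SSDATA'
$snapshots = Join-Path $InstallRoot 'Web Security\bin\Snapshots'

foreach ($folder in @($ssdata, $snapshots)) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        throw "Expected folder not found: $folder"
    }
}

# Step 6: stop Directory Agent, then Sync Service (the article notes Sync Service takes longer).
Stop-Service -Name $DirectoryAgentName -WhatIf:$DryRun
Stop-Service -Name $SyncServiceName    -WhatIf:$DryRun
if (-not $DryRun) {
    (Get-Service -Name $SyncServiceName).WaitForStatus('Stopped', [TimeSpan]::FromMinutes(10))
}

# Step 7: remove only the .ldif files in SSDATA; any other files there are left alone.
Get-ChildItem -LiteralPath $ssdata -Filter '*.ldif' -File |
    Remove-Item -WhatIf:$DryRun -Verbose

# Step 8: remove every file in Snapshots and its subfolders except backup.ini.
# Filtering on the file name keeps a backup.ini in a subfolder as well.
Get-ChildItem -LiteralPath $snapshots -Recurse -File |
    Where-Object { $_.Name -ne 'backup.ini' } |
    Remove-Item -WhatIf:$DryRun -Verbose

# Verify the cleanup before bringing the services back.
if (-not $DryRun) {
    $leftover = Get-ChildItem -LiteralPath $snapshots -Recurse -File |
        Where-Object { $_.Name -ne 'backup.ini' }
    if ($leftover) {
        throw "Files remain in Snapshots (check locks/permissions): $($leftover.FullName -join ', ')"
    }
    if (-not (Get-ChildItem -LiteralPath $snapshots -Recurse -File -Filter 'backup.ini')) {
        Write-Warning 'No backup.ini found under Snapshots after cleanup.'
    }
}

# Step 9: start Sync Service first, then Directory Agent (the order given in the article).
Start-Service -Name $SyncServiceName    -WhatIf:$DryRun
Start-Service -Name $DirectoryAgentName -WhatIf:$DryRun
Get-Service -Name $SyncServiceName, $DirectoryAgentName | Format-Table Name, Status -AutoSize
```

Save it as, for example, Reset-HybridSync.ps1 and run `.\Reset-HybridSync.ps1 -DryRun` first; the -WhatIf output lists each service and file the script would touch. Steps 10 through 12 (triggering the sync from the Scheduling page) are still done in the Forcepoint Security Manager console.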
