I am having problems deleting users with ExchangeActiveSyncDevices. The
user object cannot be deleted because it is not a LEAF object. Fair
enough. I found on the forums a policy to query for those objects and
delete them. But... it's not working. If i query a user object with the
intent to return every child object:

DirXML rule

Code:
--------------------

<do-set-local-variable name="lv.query" scope="policy">
<arg-node-set>
<token-query>
<arg-association>
<token-association/>
</arg-association>
</token-query>
</arg-node-set>
</do-set-local-variable>

--------------------


The query only returns the User object itself without the subtree
objects. Strange thing is, if i look at the user object and child
objects with an LDAP browser, it turns out that the
CN=ExchangeActiveSyncDevices object has no object class.. just 2
attributes: msExchVersion and msExchObjectsDeletedThisPeriod.

Using Apache Directory studio, i tried to search the
ExchangeActiveSyncDevices object by querying on CN. It could not be
found. If i try to find it with msExchVersion=[number] the object can be
found. So i enhanced my query with this matching attribute, but again no
instances are returned other than the user object itself.

NDS document

Code:
--------------------

<input>
<query event-id="0" scope="subtree">
<association>393edf0c1f4fd94598e8b85fc19b0120</association>
<search-attr attr-name="msExchVersion">
<value type="string">some-form-of-number</value>
</search-attr>
<read-attr/>
</query>
</input>

--------------------


Can anybody help me in deleting these objects ?

Other info:
- AD driver 4.0.0.3
- Query is on subtree search with base 'association'


--
Sjoerdk
------------------------------------------------------------------------
Sjoerdk's Profile: https://forums.netiq.com/member.php?userid=1135
View this thread: https://forums.netiq.com/showthread.php?t=53073