I am having problems deleting users with ExchangeActiveSyncDevices. The
user object cannot be deleted because it is not a LEAF object. Fair
enough. I found on the forums a policy to query for those objects and
delete them. But... it's not working. If i query a user object with the
intent to return every child object:

DirXML rule


<do-set-local-variable name="lv.query" scope="policy">


The query only returns the User object itself without the subtree
objects. Strange thing is, if i look at the user object and child
objects with an LDAP browser, it turns out that the
CN=ExchangeActiveSyncDevices object has no object class.. just 2
attributes: msExchVersion and msExchObjectsDeletedThisPeriod.

Using Apache Directory studio, i tried to search the
ExchangeActiveSyncDevices object by querying on CN. It could not be
found. If i try to find it with msExchVersion=[number] the object can be
found. So i enhanced my query with this matching attribute, but again no
instances are returned other than the user object itself.

NDS document


<query event-id="0" scope="subtree">
<search-attr attr-name="msExchVersion">
<value type="string">some-form-of-number</value>


Can anybody help me in deleting these objects ?

Other info:
- AD driver
- Query is on subtree search with base 'association'

Sjoerdk's Profile: https://forums.netiq.com/member.php?userid=1135
View this thread: https://forums.netiq.com/showthread.php?t=53073