Active User deprovisioned from Okta during import from AD Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmq2qai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Shameem Taj Nazeer AhmedShameem Taj Nazeer Ahmed 

Active User deprovisioned from Okta during import from AD

Hi All,

I had done an import in Okta and an active employee got deactivated after this. I could see in the okta logs that he was deactivated on import. We have activated him in Okta but he says has not received any email with password reset link. I even checked his spam folders, no success. His AD profile is active with okta groups and i am not sure why he has not received any email
Can you please suggest!!

Thank you!
Shameem
Kevin TurnerKevin Turner (Okta, Inc.)
It might not be the case, but in the settings for the AD integration can you check to make sure this option is not set?
User-added image
Shameem Taj Nazeer AhmedShameem Taj Nazeer Ahmed
No Kevin. It is not checked.
Kevin TurnerKevin Turner (Okta, Inc.)
Are you using delegated authentication back to AD? If so then the user will not get an email. they can change their password via AD, or you could allow Okta to perform AD password resets by elevating the service account that's tied to the Okta AD agent. The user would then go to the Okta login page, and select "Forgot Password" option rather than recieve and email.

The reset user's password and an email notification is only used against Okta mastered users. If the user is now back to being AD mastered you cannot via the Okta admin interface reset the user's password, and hence cannot get the email notification.
Shameem Taj Nazeer AhmedShameem Taj Nazeer Ahmed
Hi Kevin, the issue seems to be resolved now. When we checked with IT, we found that employee's first name was not updated/removed and Okta OUs were readded...i am workin on the preventive measure for this as an import should not deactivate user in Okta..not sure where the actual issue is...AD or Okta...i have asked IT to provide logs for the dates for further investigation....thank you for your update!