What needs to happen in Okta when you rename an OU in AD? Skip to main content
https://support.okta.com/help/answers?id=906f0000000dflziao&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Esteban GardunoEsteban Garduno 

What needs to happen in Okta when you rename an OU in AD?

What needs to happen in Okta when you rename an OU in AD?

Apparently, When I renamed an OU in our AD this caused a chain reaction in
All users in that OU are immediately disabled in okta
All apps are immediately de-provisioned
All users in that OU are immediately disabled in AD
O365 will either “block” the user, remove their license, or delete the user based on the sequence/timing of events.
Behavior with other sync’d applications could vary greatly depending on the application and integration with okta.

Similarly creating a new OU, means that that OU is not automatically sync’d in okta

Is this the way Okta supposed to work? Okta can not notice changes and adjust?
Eric TiptonEric Tipton
I assume you are talking about a ROOT OU? If so, then yes, renaming would cause deprovisioning. Ditto for a new OU not being synched - if it's a root OU it wont syncy automatically - and you wouldn't want it to since it may contain service or other accounts that you don't want in Okta. If you need a new root OU to sync, do an import then select it in AD Settings, User OUs connected to Okta. 

If you create a new OU underneath an OU that is already connected to Okta then it will be picked up automatically. Also renaming of OU's other than root appears to work fine for me.