A Recent Full Import from AD Unexpectedly Deactivated or Suspended One or More Okta Users
Jun 20, 2025
Okta Classic Engine
Directories
Overview
A recent full import from Active Directory (AD) unexpectedly deactivated or suspended one or more Okta users who are active in AD.
Applies To
- AD Full Import
- AD Mastered Users
- Okta Classic Engine
Cause
A required attribute (for example, last name) was removed from the user's AD object, and Lifecycle Settings options are configured to deactivate or suspend the Okta user.
NOTE: A scheduled import or a manually performed incremental import will not result in this issue.
Solution
- Check to see if the user's corresponding AD object has been changed and is missing one of the required attributes (
firstName,lastName,login). - Alternatively, perform the following System Log query to see if there are any skipped users:
eventType eq "system.agent.ad.import_user" and outcome.result eq "SKIPPED" -
- If there are any results, expand the System Log entries individually and examine the Outcome > Reason. The details will identify the missing required attribute.
- If a required attribute is missing data, re-populating it and performing a full import will re-activate the Okta user if the appropriate option is enabled in the Active Directory Settings > Lifecycle Settings section:
