When an administrator deletes a user directly in Active Directory (AD), incremental scheduled imports skip the missing user, leaving the Okta profile active. Resolving this requires either deactivating the user in AD before deletion or running a full import to synchronize the removal.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Provisioning
- Active Directory (AD)
Scheduled imports run as incremental updates by default. During an incremental import, Okta only processes changes to existing AD objects. Users who have been deleted from AD will not be found during an incremental import, which prevents Okta from deactivating the deleted user.
How does an administrator resolve the active Okta user status after the user is deleted in Active Directory?
Resolve the active user status in one of two ways: deactivate the user in AD and let an incremental import run before deleting the user, or run a full import to synchronize the missing data.
- Deactivate the user in AD, wait for the next scheduled import or manually trigger an import, and then delete the user in AD.
- Run a full import so Okta evaluates all data and deactivates any users missing from the AD payload.
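To find accounts already left active by a direct AD deletion, the following added example (not Okta's own code) compares Okta user records against a current AD export and lists AD-sourced users that are not deactivated but have no AD object. The sample records, the `find_orphaned_okta_users` name, and matching the Okta login to the AD `userPrincipalName` are assumptions for illustration.

```python
import json

# Constructed sample shaped like Okta's /api/v1/users response (not real data).
OKTA_USERS = json.loads("""[
 {"id": "00u-sample-1", "status": "ACTIVE", "profile": {"login": "alice@corp.example"},
  "credentials": {"provider": {"type": "ACTIVE_DIRECTORY", "name": "corp.example"}}},
 {"id": "00u-sample-2", "status": "ACTIVE", "profile": {"login": "bob@corp.example"},
  "credentials": {"provider": {"type": "ACTIVE_DIRECTORY", "name": "corp.example"}}},
 {"id": "00u-sample-3", "status": "ACTIVE", "profile": {"login": "carol@corp.example"},
  "credentials": {"provider": {"type": "ACTIVE_DIRECTORY", "name": "corp.example"}}},
 {"id": "00u-sample-4", "status": "DEPROVISIONED", "profile": {"login": "dave@corp.example"},
  "credentials": {"provider": {"type": "ACTIVE_DIRECTORY", "name": "corp.example"}}},
 {"id": "00u-sample-5", "status": "ACTIVE", "profile": {"login": "erin@corp.example"},
  "credentials": {"provider": {"type": "OKTA", "name": "OKTA"}}}
]""")

# Constructed sample: userPrincipalName values from a current AD export.
# bob and dave were deleted in AD; erin never existed there.
AD_UPNS = ["alice@corp.example", "Carol@CORP.example"]


def find_orphaned_okta_users(okta_users, ad_upns):
    """Return AD-sourced Okta users that are not deactivated yet have no AD object."""
    present = {upn.strip().casefold() for upn in ad_upns if upn.strip()}
    if not present:
        # An empty export would flag every user; treat it as a failed export.
        raise ValueError("AD export is empty; refusing to compare")
    orphans = []
    for user in okta_users:
        provider = user.get("credentials", {}).get("provider", {})
        if provider.get("type") != "ACTIVE_DIRECTORY":
            continue  # not sourced from AD, so an AD deletion cannot orphan it
        if user.get("status") == "DEPROVISIONED":
            continue  # already deactivated in Okta
        login = user.get("profile", {}).get("login", "")
        # Assumption: the Okta login is the AD userPrincipalName.
        if login.casefold() not in present:
            orphans.append({"id": user.get("id"), "login": login, "status": user.get("status")})
    return sorted(orphans, key=lambda o: o["login"])


if __name__ == "__main__":
    for orphan in find_orphaned_okta_users(OKTA_USERS, AD_UPNS):
        print(f"{orphan['login']} ({orphan['id']}) is {orphan['status']} in Okta but missing from AD")
```

Any user this reports is a candidate for the full import described above, or for manual deactivation in Okta after confirming the AD deletion was intended.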
