FortiAuthenticator provides access management and single sign on.
Article Id 302551

This article describes how a remote user that was manually imported from an LDAP group still exists on FortiAuthenticator after that user is removed from AD and a Manual Sync is run under Remote User Sync Rules.

Scope: FortiAuthenticator.
  1. There are two users in the remote LDAP AD server.
  2. Manually add 'twtac2' in the GUI under Remote Users -> Import.




  3. Manually sync the 'twtac1' user from the GUI under Remote User Sync Rules.




  4. There are now two users in Remote Users:
  • twtac1: Remote User Sync Rules -> Manual Sync.
  • twtac2: Remote Users -> Import.


  5. After removing the 'twtac2' user from Windows AD and running Remote User Sync Rules -> Manual Sync, 'twtac2' still exists in Remote Users.



In conclusion, Remote User Sync Rules -> Manual Sync does not sync users that were manually imported through Remote Users -> Import; such a user remains in Remote Users after being removed from AD.