UpdateCacheWithDeletedObjects
UpdateCacheWithDeletedObjects maintains the accuracy of Activate’s Active Directory cache by identifying objects that have been deleted in Active Directory and removing their corresponding cached entries.

Active Directory does not surface deleted (tombstoned) objects in standard directory searches. Without explicit cleanup, cached entries for deleted users, groups, or other directory objects can persist indefinitely. This function prevents that drift and ensures downstream processing operates on an accurate directory state.

Purpose

UpdateCacheWithDeletedObjects synchronises Activate’s Active Directory cache with objects that have been deleted in Active Directory. It removes stale cache entries so provisioning, reporting, and compliance-related processes are always based on current directory data.

This is cache maintenance functionality. It does not evaluate policy, enforce compliance, or initiate provisioning actions.

Operational context

UpdateCacheWithDeletedObjects runs nightly as part of Activate’s standard system maintenance routine. As part of this scheduled maintenance:

- Directory references are reconciled to account for renamed objects
- Deleted Active Directory objects are removed from the cache
- The full text search index is refreshed
- General system maintenance tasks are performed
- Reporting and usage statistics are updated

Running this function nightly ensures the directory cache remains accurate even in environments with frequent object deletions or restores.

What the function does

The function maintains cache accuracy by:

- Traversing all configured Active Directory connector scopes, including trusted domains where applicable
- Querying Active Directory’s Deleted Objects container to identify tombstoned objects
- Removing cached entries for deleted objects using their immutable identifiers
- Recording progress so subsequent runs only process newly deleted objects

Why this is required

Deleted Active Directory objects:

- Are excluded from normal directory polling and synchronisation operations
- Will not be automatically removed from the cache
- Can remain referenced by cached group memberships, reports, or historical data

By explicitly cleaning deleted objects from the cache, UpdateCacheWithDeletedObjects prevents:

- Orphaned group membership records
- Inaccurate reporting
- Incorrect compliance or entitlement evaluations
- Gradual accumulation of stale directory data

Behaviour across connector scopes

The function operates recursively across Active Directory connector scopes:

- Unpublished scopes are skipped
- Parent scopes delegate processing to child and trusted domain scopes
- Only leaf scopes that represent directory partitions perform deleted object processing

This ensures all relevant directory boundaries are covered without duplicating work.

Incremental processing

To avoid reprocessing the same deletions repeatedly, UpdateCacheWithDeletedObjects tracks progress on a per-scope basis using directory update sequence information. On each run:

- Only objects deleted since the previous successful run are processed
- Progress is recorded at the end of the run
- Subsequent runs resume from the last known point

This design allows the function to run safely and efficiently as part of nightly maintenance.

Behaviour when objects are restored

When an object is deleted:

- It no longer appears in standard directory polls
- Its cached entry is removed by UpdateCacheWithDeletedObjects

If the object is later restored in Active Directory:

- This function does not recreate the cache entry
- The cache entry is recreated only when another process encounters the restored object, such as through a directory lookup, membership evaluation, or synchronisation operation

This separation ensures the cache reflects only objects that are currently present and actively referenced.

Configuration controls

Deleted object cache synchronisation can be disabled per Active Directory connector scope using a configuration flag. When disabled:

- Deleted object detection is skipped for that scope
- No cache entries are removed for deleted objects within that scope

Summary

UpdateCacheWithDeletedObjects is a foundational maintenance function that removes cached entries for Active Directory objects that have been deleted. It runs nightly as part of Activate’s maintenance process, operates independently of compliance or provisioning workflows, and ensures the long-term integrity of the Active Directory cache.
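
The scope traversal and incremental processing described on this page, sketched in Python as an added example (not Activate's own code). It assumes the immutable identifier is objectGUID and the update sequence information is uSNChanged; the Scope class, its sync_deleted flag, the scope names and the sample data are hypothetical.

```python
from dataclasses import dataclass, field

# Against a live domain the tombstone query would be an LDAP search such as
# (&(isDeleted=TRUE)(uSNChanged>=<watermark+1>)) sent with the Show Deleted
# Objects control (OID 1.2.840.113556.1.4.417). Here it is simulated in memory.

@dataclass
class Scope:
    name: str
    published: bool = True
    sync_deleted: bool = True            # hypothetical per-scope flag
    children: list = field(default_factory=list)
    tombstones: list = field(default_factory=list)  # (objectGUID, uSNChanged)

def prune_deleted(scope, cache, watermarks):
    """Remove cache entries for tombstoned objects; return the GUIDs removed."""
    if not scope.published:
        return []                        # unpublished scopes are skipped
    if scope.children:                   # parent scopes only delegate
        removed = []
        for child in scope.children:
            removed += prune_deleted(child, cache, watermarks)
        return removed
    if not scope.sync_deleted:
        return []                        # detection disabled for this scope
    last = watermarks.get(scope.name, 0)
    new = [(g, u) for g, u in scope.tombstones if u > last]
    removed = [g for g, _ in new if cache.pop(g, None) is not None]
    if new:                              # record progress at the end of the run
        watermarks[scope.name] = max(u for _, u in new)
    return removed

def demo():
    # Constructed sample data: GUIDs, names and USNs are invented.
    cache = {"g-alice": "alice", "g-bob": "bob", "g-carol": "carol", "g-dave": "dave"}
    corp = Scope("corp.example", tombstones=[("g-alice", 1050)])
    trusted = Scope("trusted.example", tombstones=[("g-bob", 77)])
    off = Scope("lab.example", sync_deleted=False, tombstones=[("g-carol", 5)])
    hidden = Scope("old.example", published=False, tombstones=[("g-dave", 9)])
    root = Scope("root", children=[corp, trusted, off, hidden])
    marks = {}
    first = prune_deleted(root, cache, marks)
    second = prune_deleted(root, cache, marks)     # nothing new: no work
    corp.tombstones.append(("g-erin", 1100))       # deleted, but never cached
    third = prune_deleted(root, cache, marks)
    return first, second, third, sorted(cache), marks

if __name__ == "__main__":
    print(demo())
```

Entries under the disabled and unpublished scopes stay in the cache even though their objects are tombstoned, which is the stale-entitlement exposure to weigh before turning the per-scope flag off.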