How to Manually Add an Inactive AD User Into The RMC for EMS Recovery

In the 6.0.X line, we introduced device lease period to help manage machines that were no longer part of your environment. By default this value is set for 30 days. After 30 days if the device has not checked into the device server or policy proxy, it is removed from the Dell Data Protection | Encryption web console.

A database administrator must follow the below queries and statements exactly.

QUERY #1

Select * from entity where DisplayName like '%USER UPN%'

• Replace the '%USER UPN%' with the UPN of the decommissioned user.
  • This should return the selected user in question that has been removed from your Active Directory.
  • Confirm Removed = 1.
• Once confirmed, run the Query #2.

QUERY #2

UPDATE Entity
Set Removed=0
Where Display Name like '%USER UPN%' and EntityType=1

• The user is active in the Dell Data Protection | Encryption database, once confirmed:

• Go to the Dell Data Protection | Encryption web console and log in as a Dell Data Protection | Encryption administrator.
• Go to the user tab and look up the USER UPN*.
• Click the Shielded Devices icon next to the USER UPN.
• Locate the machine where the USB device originally got encrypted and click Recover.
• Enter the Device Code that the USB device provided and press Generate Access Code.
• Enter Access Code on USB UI to finish recovery.

• Once recovery has been successful, have your DBA perform the following:

QUERY #3

UPDATE Entity
Set Removed=1
Where Display Name like '%USER UPN%' and Entity Type=1

• This removes the inactive user from the database.

1. Launch the Dell Data Protection Console from the Virtual Server.
2. Type the following:
   • su ddpsupport
   • sudo psql -U ddp_admin -h 127.0.0.1 ddp_8_2_0

Query #1

Select * from entity where DisplayName like '%USER UPN%';

• Replace '%USER UPN%' with the UPN of the decommissioned user.
  • This should return the selected user in question that has been removed from your Active Directory.
  • Confirm Removed = 1.
• Once confirmed, run the Query #2.

Query #2

UPDATE Entity;
Set Removed=0;
Where Display Name like '%USER UPN%' and EntityType=1;

• After running the above line, confirm that the user is not set to removed=0 by running Query 1.
• The user is active in the Dell Data Protection | Encryption database, once confirmed:

• Go to the Dell Data Protection | Encryption web console and log in as a Dell Data Protection | Encryption administrator.
• Go to the user tab and look up the USER UPN.
• Click the Shielded Devices icon next to the USER UPN.
• Locate the machine where the USB device originally got encrypted and click Recover.
• Enter the Device Code that the USB device provided and press Generate Access Code.
• Enter Access Code on USB UI to finish recovery.

• Once recovery has been successful, have your DBA perform the following:

Query #3

UPDATE Entity;
Set Removed=1;
Where Display Name like '%USER UPN%' and Entity Type=1;

• This removes the inactive user from the database.

3. Ctrl + D