Maybe a modification of this script helps (for iterating between a defined array of users, and not for all users). Be careful with deletions.

Alfresco, massive delete of users | Programming and So 

Regards.

--C.

Even if you have the allowDeletions set to false you can still technically trigger a synchronisation that deletes users that should no longer exist. This can be done via the JavaScript Console tool and I have a Gist that shows how synchronisation can be triggered with a different setting than may be configured for synchronisation.

...I should setup a knowledge base for things like these with a sophisticated solr/elasticsearch index

Thanx again Axel

Ah, thank you. If you can't tell already, I'm extremely green with Alfresco! I didn't know it was as easy as removing the user in the admin console, I figured there would be more cleanup to do.

I am not worried about the users home directory, those can live on into eternity. If I do run into problems later on, I will find a way to remove them, most likely using Cesar's suggestion with modifying the mass user deletion script he linked to.

One more side question since it's been mentioned a few times: Is the only way to do a full sync is by setting the differential query the same as the full query, then restarting the Alfresco server? 

Thank you again everyone!

-Jason

No - there are alternatives. See my response further up the chain. Using the JavaScript Console you can always trigger a full synchronisation.

No, you can also set:

synchronization.synchronizeChangesOnly=false

The default is true. But this only applies on cron syncs, not for the subsystem startup for example.

Regards.

--C.

Hi Jason, no (see the other answers) but it is an easy way to force the full sync if you need it just now - without installing anything else. 

Hi Axel, I tried with JS Console with the mentioned script.

I run the script and I obtained this error in JS Console,

500 Internal Error
Stacktrace-Details:
org.springframework.extensions.webscripts.WebScriptException: 02170092 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext

.

.

Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)

But the INFO logs in catalina.out seem correct and without errors.

2017-03-17 16:40:56,596 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronizing users and groups with user registry 'myldap'
2017-03-17 16:40:56,642 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Retrieving groups changed since 13-mar-2017 11:25:54 from user registry 'myldap'
2017-03-17 16:40:56,668 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronization,Category=directory,id1=myldap,id2=1 Group Analysis: Commencing batch of 0 entries
2017-03-17 16:40:56,668 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronization,Category=directory,id1=myldap,id2=1 Group Analysis: Completed batch of 0 entries
2017-03-17 16:40:56,670 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Retrieving users changed since 13-mar-2017 11:21:34 from user registry 'myldap'
2017-03-17 16:40:56,674 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronization,Category=directory,id1=myldap,id2=6 User Creation and Association: Commencing batch of 16 entries
2017-03-17 16:40:56,752 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronization,Category=directory,id1=myldap,id2=6 User Creation and Association: Processed 16 entries out of 16. 100% complete. Rate: 205 per second. 0 failures detected.
2017-03-17 16:40:56,753 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Synchronization,Category=directory,id1=myldap,id2=6 User Creation and Association: Completed batch of 16 entries
2017-03-17 16:40:56,788 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] Finished synchronizing users and groups with user registry 'myldap'
2017-03-17 16:40:56,788 INFO [security.sync.ChainingUserRegistrySynchronizer] [http-apr-8080-exec-10] 16 usuarios y 0 grupos procesados

Does it have sense ?

Regards.

--C.

You should not have any issues / errors executing that script. Are you executing it with a proper authentication (you can set other runAs contexts with JavaScript Console)?