If you have a named user who has been removed from an AD group, he won't have access to group content but still has a valid named user account. Is there a way to delete his named user account automatically once he is dropped from the AD group?
I guess that is not possible yet.
If a member is deleted directly from the identity store, the member is retained in the portal. You will need to delete the member manually in the portal.
But I believe you can script the user removal with Python.
The PortalPy library on GitHub, I believe, has the tools for doing this.
And I would imagine that ArcPython (in beta) will have similar functionality.
The ArcREST library might also help.
When I say script it, I mean you could have a Python script that you could pass the user name to and have it remove the user.
That's quasi-automated in my mind.
To fully automate it, you somehow have to get AD to trigger a function, or maybe you could hook into AD and watch the groups and, when a name drops off, auto-remove it, or ... I have not worked with AD in Python, but this lib looks pretty simple:
That would mean keeping a table of groups in a file and users in the groups (basically duplicating the AD tree for the groups you are enabling in Portal) and running a nightly or weekly process to watch for changes.
Maybe the PortalAdmin tools from GeoJobe have something?
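The snapshot-and-compare process suggested in the thread, sketched as an added example that is not part of the original posts or of any library named in them. `remove_user` is a hypothetical callback standing in for whatever portal deletion call you use; the group names, user names and the 25% safety threshold are assumptions.

```python
import json
import os
import tempfile

# Constructed sample data: group -> members, as read from AD on two consecutive runs.
PREVIOUS = {"GIS_Editors": {"alice", "bob", "carol", "dave"}, "GIS_Viewers": {"bob", "erin"}}
CURRENT = {"GIS_Editors": {"alice", "carol", "dave"}, "GIS_Viewers": {"bob"}}

def load_snapshot(path):
    """Return {group: set(users)} from the last run, or {} on the first run."""
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        return {group: set(users) for group, users in json.load(fh).items()}

def save_snapshot(path, membership):
    """Write the table atomically so a crash cannot leave a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({g: sorted(u) for g, u in membership.items()}, fh, indent=2)
    os.replace(tmp, path)

def users_to_remove(previous, current, max_fraction=0.25):
    """Users seen last run who are now in none of the watched groups."""
    before = set().union(*previous.values())
    after = set().union(*current.values())
    dropped = before - after
    # Guard: an empty or truncated directory answer must not mass-delete accounts.
    if before and len(dropped) > max_fraction * len(before):
        raise RuntimeError(f"{len(dropped)} of {len(before)} users dropped; refusing to act")
    return sorted(dropped)

def run_once(snapshot_path, current, remove_user):
    """One scheduled pass: diff, remove each dropped user, then save the new table."""
    previous = load_snapshot(snapshot_path)
    removed = []
    for name in users_to_remove(previous, current):
        remove_user(name)  # hypothetical callback; a failure here leaves the old snapshot
        removed.append(name)
    save_snapshot(snapshot_path, current)
    return removed
```

With the sample data, `bob` is kept because he is still in `GIS_Viewers`, and only `erin`, who is in no watched group any more, is passed to `remove_user`.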