Deleting a vCAC Tenant from SSO

There sometimes comes a point when you want to start over with vCAC. This could mean that you're ready to try the installation again or that something broke along the way. In either case, you can find yourself in a situation where you want to reuse an SSO source, but when you try to create a tenant you get errors saying that the tenant already exists.

We should be careful to call out that if your tenants have disappeared from the tenant screen in the shell-ui-app page, that is probably a different issue (that issue can be seen here). This article applies only if you removed the vCAC part of the solution without first deleting the tenants from the UI.

It goes without saying that these next steps are at your own risk.

Deleting a vCAC Tenant from SSO 
1. Download an LDAP explorer tool like JXplorer 
2. Create a new connection to your SSO machine, specifying port 11711 if you're using vCenter SSO or port 389 for the SSO Identity appliance. For this step, leave "Base DN" blank! The Admin User DN is "cn=administrator,cn=users,dc=vsphere,dc=local" without the quotes.
3. Start by deleting the tenant in World -> local -> vsphere -> Services -> identity manager -> Tenants -> <your tenant>
4. With that first part deleted, start a new LDAP connection to the SSO server. Keep all the connection information the same, but this time, enter DC=<your tenant> in the base DN field.
5. Delete the tenant DC in World -> <your tenant>
6. Restart SSO 
7. If you could not add a tenant of the same name because of an error saying that the tenant already exists, you may now add the tenant to vCAC.
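
A read-only check to run before step 6 (an added example, not part of the original article): given the LDIF text exported from both LDAP connections, it lists any entries still left for the tenant, deepest entries first. The sample export, its attribute types and the tenant name acme are constructed; the Tenants container is matched by the displayed names in step 3, ignoring case and spaces, which is an assumption about how your explorer labels the tree.

```python
import base64
import re

# Tree path from step 3, leaf to root, as the LDAP explorer displays it.
TENANTS_PATH = ["Tenants", "identity manager", "Services", "vsphere", "local"]

# Constructed sample export (attribute types are assumed, not from the article).
SAMPLE_LDIF = """\
dn: cn=acme,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local

dn: cn=acme2,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local

dn: dc=acme

dn: cn=users,dc=acme

dn: cn=svc-vcac,cn=users,
 dc=acme
"""

def _norm(value):
    return value.replace(" ", "").lower()

def ldif_dns(ldif_text):
    """Return every entry DN in an LDIF export (handles folding and base64)."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # continuation of the previous line
        else:
            unfolded.append(line)
    dns = []
    for line in unfolded:
        if line.lower().startswith("dn::"):   # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def rdn_values(dn):
    """Normalised RDN values, leaf first; backslash-escaped commas do not split."""
    return [_norm(p.split("=", 1)[-1]) for p in re.split(r"(?<!\\),", dn)]

def tenant_leftovers(ldif_text, tenant):
    """DNs still present for `tenant` in either location, deepest first."""
    target = [_norm(tenant)] + [_norm(p) for p in TENANTS_PATH]
    hits = [dn for dn in ldif_dns(ldif_text)
            if rdn_values(dn)[-len(target):] == target or rdn_values(dn)[-1] == target[0]]
    return sorted(hits, key=lambda dn: -len(rdn_values(dn)))
```

An empty list from `tenant_leftovers` for your tenant name means both the entry under Tenants (step 3) and the tenant DC tree (step 5) are gone.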