We are running FIM 2010 4.0.3594.2, with an Active Directory Management Agent configured with Exchange 2010. The AD MA is configured to deprovision a user after X amount of days via coded provisioning rules. This works for all users except those that have an Exchange ActiveSync device (used for mobile connectivity).
I noticed that on specific users deprovisioning fails with an error: "The directory service can perform the requested operation only on a leaf object." This is due to the fact that their ActiveSync device is created as a container object under their user object. Therefore user "cn=Smith, Paul" might have a container object "CN=ExchangeActiveSyncDevices" which then has entries to each paired device.
Is there a setting I can set to force the AD MA to delete user objects and their nested objects? Just like how there is a "Configure Provisioning Hierachy" you would think there would be a deprovision hierachy that could be set as well.
Currently, we don't want FIM to manage ActiveSync devices as I realize that could be a solution.