Our architecture is like this:
1.Have an Identity Source using the eDir .
2.Have some connected systems, such as Oracle DB, Lotus notes and Open
Ldap.
3.The Identity source can synchronize the user's identity information to
the connected system by drivers.
4.We can control the user's provision to the connected systems by
workflow.

We do the following steps
1.We create a user in the Identity Source.
2.The user gets the entitlement of account for the connected system by
workflow.
3.The Identity Source synchronize the user's information to the connected
system.
4.The admin disable the user's account of the connect system ( the way of
disabling the account is to delete the user in the connected system).

Now, the user has be deleted in the connected system. But it exists in the
Identity Source eDirectory.

The problem is:
As far as we know, the user can be recreated in the connected system by
"migrate form the vault". But it is hard to be recreated and synchronized
by the policy or by the user's provision.
Additionally , the way of the connected system to disable the user is to
delete the user. There is no "login disable " attribute in the user's
information structure.

Is there some other ways can implement the user's recreation in the
connected system?