Best Practices for Deleting Users

There are some people in my client's organization that have left.  What is the accepted best practice for removing these individuals?  Simply delete the user in ADUC or disable?  Will they still have a presence in email lists?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can disable the accounts and Hide their membership from distribution lists if you don't want to delete.

I would say the best practice is to archive all of the user data, disable the account for 30-60 days, then delete.
Ron MalmsteadInformation Services ManagerCommented:
this is "best practice" for SOX compliance.

create an OU in active directory for "Users - Terminated".
When a user is termed, disable their account, and move them into the above OU (organizational unit).
In the description you will put the day they are termed and the day they are to be deleted....usually 60 days after term date.  Remove usernames in applications that have built in security such as accounting programs.

So the idea here is to disable, then in 60 days ...delete accounts and remove mailboxes at the same time.

When a user is disabled, no mail can be sent or recieved to their account.  Additionally, their mailbox cannot be backed up as an individual mapi mailbox backup.  You can back up the store, but not the individual mailbox.  This means you can't restore their individual mailbox without restoring the information store first.  Not usually a problem in small networks.

Suggestion,........Create a user termination checklist that is applicable to the size and needs of your organization, and document everything.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I don't know it's the best practice, but it's mine :

I archive on a CD (or DVD) the profile and the personnal data of the user.
After I look all group and I delete the account from all group (I list all group on a document that I put on the CD)
I desactive the account
I create rules in the mail box :
 - Reply all to advertise this email it's no longer use, and I give the new email (I advertise that the mail is forwarded)
 - Forward all mails to another user

After 6 month, i deleted the account in the domain and the email address
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.