Best Practices for Deleting Users

Posted on 2006-04-19
Medium Priority
Last Modified: 2010-03-19
There are some people in my client's organization that have left.  What is the accepted best practice for removing these individuals?  Simply delete the user in ADUC or disable?  Will they still have a presence in email lists?
Question by: mentisgroup

Expert Comment

ID: 16488722
You can disable the accounts and hide their membership from distribution lists if you don't want to delete.

I would say the best practice is to archive all of the user data, disable the account for 30-60 days, then delete.
LVL 25

Accepted Solution

Ron Malmstead earned 2000 total points
ID: 16488770
This is "best practice" for SOX compliance.

Create an OU in Active Directory for "Users - Terminated".
When a user is termed, disable their account, and move them into the above OU (organizational unit).
In the description you will put the day they are termed and the day they are to be deleted... usually 60 days after term date.  Remove usernames in applications that have built-in security such as accounting programs.

So the idea here is to disable, then in 60 days... delete accounts and remove mailboxes at the same time.

When a user is disabled, no mail can be sent or received to their account.  Additionally, their mailbox cannot be backed up as an individual MAPI mailbox backup.  You can back up the store, but not the individual mailbox.  This means you can't restore their individual mailbox without restoring the information store first.  Not usually a problem in small networks.

Suggestion: create a user termination checklist that is applicable to the size and needs of your organization, and document everything.
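
The disable, stamp, move and delete-after-60-days workflow from the accepted answer, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module is installed; the domain in the OU path, the description format, the group-list file name and the function names are hypothetical, and mailbox removal is not covered.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. OU path and description format are assumptions.
$TerminatedOU  = 'OU=Users - Terminated,DC=example,DC=com'   # placeholder domain
$RetentionDays = 60                                          # "usually 60 days after term date"

function Disable-TerminatedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [datetime]$TermDate = (Get-Date)
    )
    $user     = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    $deleteOn = $TermDate.AddDays($RetentionDays)
    # Fixed-format stamp so the cleanup pass can parse the delete date back out.
    $stamp    = 'Termed {0:yyyy-MM-dd}; delete on {1:yyyy-MM-dd}' -f $TermDate, $deleteOn

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable, stamp and move')) {
        # "Document everything": keep a record of group memberships at termination.
        $user.MemberOf | Out-File -FilePath ".\$SamAccountName-groups.txt"
        Disable-ADAccount -Identity $user
        Set-ADUser -Identity $user -Description $stamp
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU
    }
}

function Get-ExpiredTerminatedUser {
    # Disabled accounts in the terminated OU whose stamped delete date has passed.
    # Accounts without a parseable stamp are skipped, never deleted by default.
    Get-ADUser -SearchBase $TerminatedOU -Filter 'Enabled -eq $false' -Properties Description |
        Where-Object {
            $_.Description -match 'delete on (\d{4}-\d{2}-\d{2})' -and
            [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd',
                [cultureinfo]::InvariantCulture) -le (Get-Date)
        }
}

# Usage (hypothetical account name):
#   Disable-TerminatedUser -SamAccountName 'jdoe' -TermDate '2006-04-19' -WhatIf
# Dry run of the deletion pass; drop -WhatIf once the list has been reviewed.
Get-ExpiredTerminatedUser | Remove-ADUser -WhatIf
```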


Expert Comment

ID: 16497283
I don't know if it's the best practice, but it's mine:

I archive on a CD (or DVD) the profile and the personal data of the user.
Afterwards I look at all the groups and I delete the account from all groups (I list all the groups in a document that I put on the CD).
I deactivate the account.
I create rules in the mailbox:
 - Reply to all mail to advise that this email address is no longer in use, and I give the new email address (I advise that the mail is forwarded)
 - Forward all mail to another user

After 6 months, I delete the account in the domain and the email address.
