Solved

What do you guys do with Windows AD old user accounts?

Posted on 2008-06-19
7
250 Views
Last Modified: 2013-12-02
this is a dumb question. we are running Active Directory of course. there are many old accounts (windows and Exchange) from employees who have left long time ago.

do you guys just delete them or just disable them? I have many complaints on seeing these users in GAL or groups.

what do you guys do?
0
Comment
Question by:PaperTiger
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 35 total points
ID: 21825954
We disable account for 90 days, reset the password to an administrative password for those accounts, hide account from the GAL so that they do not show up and annoy people.

After 90 days we delete the account, the mail box will stay in exhange another 15 days then automatically purges.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 30 total points
ID: 21825957
I disable the user account, reset the password and hide the user from the address book. After 90 days, the account can be deleted permanently.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 30 total points
ID: 21826108
We usually keep them for between 90 and 180 days. During this time, another user will be delegated the respnsibility of checking the Exchange mailbox of this account to deal with any incoming mail. Of course, during this time, anyone important who is going to make contact will already have done so, and received the new contact information. This also allows the user to retrieve important mail from the user's mailbox and their Documents folder.

After this time, we completely delete the account, files and mailbox from the system, although if it was a very important user, their information is usually archived (PST file for Exchange mailbox) before they are deleted, just in case there was important financial information or something else present in there!

-tigermatt
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 2

Assisted Solution

by:thor_08
thor_08 earned 30 total points
ID: 21826110
Hello Paper Tiger, it's best to disable the account immediately and reset the password to a password Standard, hide the user to the GAL. That way we avoid the user access to resources and mantém the user's mailbox when someone needed E-mails from that account.
After a few weeks, you can eliminate.
If there is enough movement of the user accounts of active driectory, you can use a script to automatically removes
Greetings
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 21826270
so, deleting is perfectly fine?
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21826289
There is nothing wrong with deleting...we just keep for administrative purposes is all...if you know the user is gone, then you should delete the account, if no one needs access to their mail, that can go away too...
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21826345
>>> "so, deleting is perfectly fine?"

Yes - you can safely delete them. They shouldn't have any custom services or applications running on them, so in theory nothing is relying upon them and they can therefore be removed.

It's just good to keep the mail and files present for a while and get someone in the old user's department to check over these - just in case that one important file is hidden away somewhere!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question