Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

What do you guys do with Windows AD old user accounts?

Posted on 2008-06-19
7
251 Views
Last Modified: 2013-12-02
this is a dumb question. we are running Active Directory of course. there are many old accounts (windows and Exchange) from employees who have left long time ago.

do you guys just delete them or just disable them? I have many complaints on seeing these users in GAL or groups.

what do you guys do?
0
Comment
Question by:PaperTiger
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 35 total points
ID: 21825954
We disable account for 90 days, reset the password to an administrative password for those accounts, hide account from the GAL so that they do not show up and annoy people.

After 90 days we delete the account, the mail box will stay in exhange another 15 days then automatically purges.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 30 total points
ID: 21825957
I disable the user account, reset the password and hide the user from the address book. After 90 days, the account can be deleted permanently.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 30 total points
ID: 21826108
We usually keep them for between 90 and 180 days. During this time, another user will be delegated the respnsibility of checking the Exchange mailbox of this account to deal with any incoming mail. Of course, during this time, anyone important who is going to make contact will already have done so, and received the new contact information. This also allows the user to retrieve important mail from the user's mailbox and their Documents folder.

After this time, we completely delete the account, files and mailbox from the system, although if it was a very important user, their information is usually archived (PST file for Exchange mailbox) before they are deleted, just in case there was important financial information or something else present in there!

-tigermatt
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 2

Assisted Solution

by:thor_08
thor_08 earned 30 total points
ID: 21826110
Hello Paper Tiger, it's best to disable the account immediately and reset the password to a password Standard, hide the user to the GAL. That way we avoid the user access to resources and mantém the user's mailbox when someone needed E-mails from that account.
After a few weeks, you can eliminate.
If there is enough movement of the user accounts of active driectory, you can use a script to automatically removes
Greetings
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 21826270
so, deleting is perfectly fine?
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21826289
There is nothing wrong with deleting...we just keep for administrative purposes is all...if you know the user is gone, then you should delete the account, if no one needs access to their mail, that can go away too...
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21826345
>>> "so, deleting is perfectly fine?"

Yes - you can safely delete them. They shouldn't have any custom services or applications running on them, so in theory nothing is relying upon them and they can therefore be removed.

It's just good to keep the mail and files present for a while and get someone in the old user's department to check over these - just in case that one important file is hidden away somewhere!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
upgrade Vcenter to V6 10 95
Windows Server 2016 Essentials with Exchange 2016. Is it feasible solution? 7 1,256
SQL Query - Issue with Top Statement 5 48
sccm importing drivers 4 43
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Know what services you can and cannot, should and should not combine on your server.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question