?
Solved

What do you guys do with Windows AD old user accounts?

Posted on 2008-06-19
7
Medium Priority
?
259 Views
Last Modified: 2013-12-02
this is a dumb question. we are running Active Directory of course. there are many old accounts (windows and Exchange) from employees who have left long time ago.

do you guys just delete them or just disable them? I have many complaints on seeing these users in GAL or groups.

what do you guys do?
0
Comment
Question by:PaperTiger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 140 total points
ID: 21825954
We disable account for 90 days, reset the password to an administrative password for those accounts, hide account from the GAL so that they do not show up and annoy people.

After 90 days we delete the account, the mail box will stay in exhange another 15 days then automatically purges.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 120 total points
ID: 21825957
I disable the user account, reset the password and hide the user from the address book. After 90 days, the account can be deleted permanently.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 120 total points
ID: 21826108
We usually keep them for between 90 and 180 days. During this time, another user will be delegated the respnsibility of checking the Exchange mailbox of this account to deal with any incoming mail. Of course, during this time, anyone important who is going to make contact will already have done so, and received the new contact information. This also allows the user to retrieve important mail from the user's mailbox and their Documents folder.

After this time, we completely delete the account, files and mailbox from the system, although if it was a very important user, their information is usually archived (PST file for Exchange mailbox) before they are deleted, just in case there was important financial information or something else present in there!

-tigermatt
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 2

Assisted Solution

by:thor_08
thor_08 earned 120 total points
ID: 21826110
Hello Paper Tiger, it's best to disable the account immediately and reset the password to a password Standard, hide the user to the GAL. That way we avoid the user access to resources and mantém the user's mailbox when someone needed E-mails from that account.
After a few weeks, you can eliminate.
If there is enough movement of the user accounts of active driectory, you can use a script to automatically removes
Greetings
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 21826270
so, deleting is perfectly fine?
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21826289
There is nothing wrong with deleting...we just keep for administrative purposes is all...if you know the user is gone, then you should delete the account, if no one needs access to their mail, that can go away too...
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21826345
>>> "so, deleting is perfectly fine?"

Yes - you can safely delete them. They shouldn't have any custom services or applications running on them, so in theory nothing is relying upon them and they can therefore be removed.

It's just good to keep the mail and files present for a while and get someone in the old user's department to check over these - just in case that one important file is hidden away somewhere!
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month8 days, 20 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question