AD Account Management
Posted on 2009-04-21
I am after some idea on how you manage user accounts in your active directory environment?
Our organisation, like many others, has IT Support outsourced to an external vendor who is responsible for physically creating new users, modifying permissions, and terminating employees network access who have left the authority.
My question is, what controls do you have in place for new employees requiring a login. Who inititates the call with your IT vendor to get this new starter setup on your networks? Management, or users themselves? How do you overcome potential fraud and social engineering type attacks? How is the AD alias and password communicated to the new starter?
Also same for employees who have left your organisation?
Any do's and dont's would be much appreciated, or account management procedures that you use and can recommend to mitigate risks to your AD environment would be most welcome.