Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Link or associate Active Directory user accounts to other user accounts ?

Posted on 2010-08-18
4
Medium Priority
?
629 Views
Last Modified: 2012-06-21
We have a Windows Server 2008 domain where we set up new business owners. Often times later on, they'll hire business managers and other staff of their own, and request new email accounts, etc. We create them as seperate accounts, organized into one of 3 OU's. Is there a good way to link or associate AD accounts to other specific AD accounts ? The main problem we're having is that we don't necessarily have a great record of these staff & manager accounts when a business owner terminates or leaves the system, and they become abandoned in our AD.

Thanks!

0
Comment
Question by:budgetblinds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 4

Accepted Solution

by:
sire_harvey earned 750 total points
ID: 33470585
Several things you can do here. First of all should be a form the Business owners fill out to aquire a new User Account. That way you have a record of users coming in.
Second thing i would do is use the AD User account field "Managed By" and point it at that employee's manager.
Third thing i would do is have a form the Managers fill out when staff / contractors leave. That way you can disable the account and also have a record of the AD change.

It sounds more like a managerial process issue, than an IT issue.
0
 

Author Comment

by:budgetblinds
ID: 33470617
Appreciate the response, but we have forms in place for entering & exiting the system. Again, that only revolves around the business owners; not employees they hire after they are an owener. Legal & the forms only care about the people writing us checks; not their staff.

Was not aware of the "Managed By" capability in 2008 AD. I'll take a look at that. Was hoping for some kind of feature where I could link a few AD accounts together, then where one of the accounts couldn't be deleted without un-linking or deleting the other accounts as well.

Thanks
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 750 total points
ID: 33470697
After reading your response no way that I know of to do what you want  (can't delete User Object A unless User Account B is deleted first)

There are tools to try and identify old/abandoned accounts

Old computer by Joe Richards is a good one

http://www.joeware.net/freetools/tools/oldcmp/index.htm

Works with users with the -users switch.

We use it for computers and users.  We disable after 120 days and delete after 180.

Thanks

Mike
0
 

Author Closing Comment

by:budgetblinds
ID: 33591550
Seems unfortunately there is no way to do exactly what we were hoping. Thanks for the suggestions.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question