sword12
asked on
what the best way to disable AD users
Hi
in our company we have different type of employment
1- users come to work for just 6 month then leave the company like students
2- users work for some time like 2 years then leave
3- and the normal users
one of the problem is that some users leave us for one year then come back to work with us the same in student case
and we are as an IT department we don't know if this user will come backup to work even after one year
but all the time i have discussion with my colleagues how we can disable these users and how long we can keep them in our AD as disabled accounts
what the best way to save there emails
they create file and directories so what about the ownership and other stuff
so i need good advice what the best way to Handel such case
thanks
Sword
in our company we have different type of employment
1- users come to work for just 6 month then leave the company like students
2- users work for some time like 2 years then leave
3- and the normal users
one of the problem is that some users leave us for one year then come back to work with us the same in student case
and we are as an IT department we don't know if this user will come backup to work even after one year
but all the time i have discussion with my colleagues how we can disable these users and how long we can keep them in our AD as disabled accounts
what the best way to save there emails
they create file and directories so what about the ownership and other stuff
so i need good advice what the best way to Handel such case
thanks
Sword
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, clear policy on that should be in place.
may be this option works
like once the employee leave the organization we generally move his mailbox to AD/Disabled_Object/Peoples OU , if in case he returns we enable it and move it back to AD/Peoples/Employees/Locat ion. and we will not have any policy applied on this AD/Disabled_Object/Peoples OU .
AP-Disable.png
like once the employee leave the organization we generally move his mailbox to AD/Disabled_Object/Peoples
AP-Disable.png
ASKER
but my point is even after one month i disabled the user
what can do with his or her emails
and in case i did the following
1- disabled the AD account
2- take the emails as PST and archive them
then let us say the user come back . so i can enable his AD account again and bring his or her old emails
but the question right now i have around 300 disabled account and emails already archived
my point i want to delete these accounts permanently because i cant keep a lot of disabled objects inside AD
but my colleague agents me he said we have to keep them all and keep there emails for some years
maybe we need them for any reason technical or legal .
any advice in this direction ?
thanks
Sword