Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can you make it so Active Directory cannot reuse a username even if the username has been deleted?

Posted on 2016-12-01
6
Medium Priority
?
72 Views
Last Modified: 2016-12-01
Hello. Is there a way to force Active Directory to not let you use a username of a previously deleted account? For instance if Jane Smith's username is jsmith and leaves the company and we delete her account I would like to make it so that AD will not let me use jsmith for a new hire James Smith. Is this possible?
0
Comment
Question by:Don Harvey
  • 2
  • 2
  • 2
6 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41909255
No way I've ever heard of.  Could you explain why you want this?  Perhaps we can offer a solution then?
0
 
LVL 22

Expert Comment

by:JesterToo
ID: 41909268
Rather than delete the account, why don't ypou just disable it?  That would accomplish what you want and also preserve some history of the former user.
0
 

Author Comment

by:Don Harvey
ID: 41909277
Our organization is migrating from Exchange to Gmail. Because of regulations we have to keep all emails for a long time. Limitations to Google's ediscovery is forcing us to keep the Gmail accounts for ever (or until they enhance the product).

Another though is when we delete an account can we create a contact (or other type of object) with the old user name and would that keep us from using it? My hunch is no.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:Don Harvey
ID: 41909279
The disable thing may be our best options but because of IRS regulations and audits we would have to create a locked down OU. They request that accounts where no one has logged into them for 60 days or more get deleted. So we would have to prove the security to the IRS in our next audit.
0
 
LVL 22

Accepted Solution

by:
JesterToo earned 2000 total points
ID: 41909287
Perhaps you could check with the legal department to see if disabled would suffice.  It seems to offer more protection, and historical benefit, than simply deleting the user account regardless of what OU it is contained in.  Just my opinion :)
1
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41909364
Are you sure Google is the best solution for you at this time? It seems to be creating problems for you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question