Can you make it so Active Directory cannot reuse a username even if the username has been deleted?

Posted on 2016-12-01
Last Modified: 2016-12-01
Hello. Is there a way to force Active Directory to not let you use a username of a previously deleted account? For instance, if Jane Smith's username is jsmith and she leaves the company and we delete her account, I would like to make it so that AD will not let me use jsmith for a new hire James Smith. Is this possible?
Question by:Don Harvey
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41909255
No way I've ever heard of.  Could you explain why you want this?  Perhaps we can offer a solution then?
LVL 22

Expert Comment

ID: 41909268
Rather than delete the account, why don't you just disable it?  That would accomplish what you want and also preserve some history of the former user.

Author Comment

by:Don Harvey
ID: 41909277
Our organization is migrating from Exchange to Gmail. Because of regulations we have to keep all emails for a long time. Limitations in Google's ediscovery are forcing us to keep the Gmail accounts forever (or until they enhance the product).

Another thought: when we delete an account, can we create a contact (or other type of object) with the old user name, and would that keep us from using it? My hunch is no.
Author Comment

by:Don Harvey
ID: 41909279
The disable thing may be our best option, but because of IRS regulations and audits we would have to create a locked-down OU. They request that accounts where no one has logged into them for 60 days or more get deleted. So we would have to prove the security to the IRS in our next audit.
LVL 22

Accepted Solution

JesterToo earned 500 total points
ID: 41909287
Perhaps you could check with the legal department to see if disabled would suffice.  It seems to offer more protection, and historical benefit, than simply deleting the user account regardless of what OU it is contained in.  Just my opinion :)
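The thread's practical answer is "disable and park, don't delete, and check before you reuse a name". The following PowerShell is an added example written for this page, not code posted by anyone in the thread. It assumes the ActiveDirectory module is installed, that a retired-users OU exists at the placeholder DN `OU=Retired Users,DC=corp,DC=example`, and that the AD Recycle Bin is enabled so recently deleted objects still carry their sAMAccountName; the function names (`Retire-LeaverAccount`, `Test-SamAccountNameAvailable`, `New-HireAccount`, `Get-StaleRetiredAccounts`) are my own. It retires a leaver by disabling and moving the account, refuses to create a new user whose sAMAccountName matches a live, disabled or recycled object, and reports retired accounts that have crossed the 60-day inactivity line mentioned above so they can be documented for the audit.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory module and
# an existing retired-users OU (placeholder DN below); AD Recycle Bin assumed enabled.
Import-Module ActiveDirectory

$RetiredOU = 'OU=Retired Users,DC=corp,DC=example'   # placeholder, replace with your OU

function Assert-ValidSamAccountName {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # sAMAccountName is at most 20 characters; restricting the character set also keeps
    # the value safe to embed in the LDAP filters built below.
    if ($SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Invalid sAMAccountName '$SamAccountName'."
    }
}

function Retire-LeaverAccount {
    # Disable instead of delete (the accepted advice above), record why the account is
    # kept, and park it in the locked-down OU so it is easy to audit as a group.
    param([Parameter(Mandatory)][string]$SamAccountName)
    Assert-ValidSamAccountName $SamAccountName
    $user = Get-ADUser -Identity $SamAccountName
    Disable-ADAccount -Identity $user
    Set-ADUser -Identity $user -Description ("Retired {0:yyyy-MM-dd}; retained for e-discovery" -f (Get-Date))
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $RetiredOU
}

function Test-SamAccountNameAvailable {
    # $true only if no live (enabled or disabled) user and no recycled object owns the name.
    param([Parameter(Mandatory)][string]$SamAccountName)
    Assert-ValidSamAccountName $SamAccountName
    if (Get-ADUser -LDAPFilter "(sAMAccountName=$SamAccountName)") { return $false }
    $recycled = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))" `
                             -IncludeDeletedObjects
    if ($recycled) { return $false }
    return $true
}

function New-HireAccount {
    # Pre-flight the name so a new hire never silently inherits a leaver's identity.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$TargetOU
    )
    if (-not (Test-SamAccountNameAvailable -SamAccountName $SamAccountName)) {
        throw "'$SamAccountName' belongs to a current, retired or recycled account; choose another name."
    }
    # Created disabled; enable once the onboarding checklist is complete.
    New-ADUser -Name $DisplayName -SamAccountName $SamAccountName -Path $TargetOU -Enabled $false
}

function Get-StaleRetiredAccounts {
    # Retired accounts with no logon in 60 days: the population the audit rule in the
    # thread targets, listed so each deliberate retention can be documented.
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days 60) -UsersOnly -SearchBase $RetiredOU |
        Select-Object SamAccountName, LastLogonDate, Enabled
}

# Usage (names are constructed examples):
# Retire-LeaverAccount -SamAccountName 'jsmith'
# Test-SamAccountNameAvailable -SamAccountName 'jsmith'        # $false while the retired object exists
# New-HireAccount -SamAccountName 'jsmith2' -DisplayName 'James Smith' -TargetOU 'OU=Staff,DC=corp,DC=example'
# Get-StaleRetiredAccounts
```

Two design notes. First, this is a scripted pre-flight check, not a domain-enforced rule: contact objects are not security principals and carry no sAMAccountName, so the idea of creating a contact under the old name would not block reuse, which matches the author's hunch. Second, the check deliberately looks at recycled objects as well as live ones, because a "deleted then recreated" jsmith would otherwise appear brand new to anyone reviewing mailbox or e-discovery history later.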
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41909364
Are you sure Google is the best solution for you at this time? It seems to be creating problems for you.
