Deprovisioning best practices series #3: Regularly clean up stale accounts

Inactive user accounts are a major threat to an organization's security because attackers can easily exploit them to gain entry into the network. To keep Active Directory clean and secure, inactive user accounts must be removed regularly and any excess privileges revoked. This practice is also essential for complying with various mandatory data privacy regulations. However, manually identifying and deleting or disabling stale accounts on a regular basis can be a daunting task. An easy solution is to automate the stale account clean-up process.

ADManager Plus' automated deprovisioning feature, coupled with its customizable delete policy, can help you automatically deprovision user accounts and divest them of all access privileges sequentially. The following steps guide you through the process.

Configure automated deprovisioning of user accounts

1. Navigate to the Automation tab > Automation > Create New Automation and configure the following settings.

2. Automation policy Name and Description - Enter a suitable name and description for the automation process.

3. Automation Category - Choose User Management.

4. Domain - Choose the domain and OUs in which the task should run.

5. Automation Task/Policy - From the 'Automation policy' list, select the 'user deprovisioning' policy.

6. Location of CSV - Choose the location of the CSV file that contains the list of users to be deprovisioned.

7. Implement Business Workflow - Enable this option if you want user deletion to be carried out only after approval. This option automatically creates a 'delete user' request; once it is approved by the appropriate technician or user mentioned in the workflow, the user account is deleted from AD.

8. Select the Execution time and Frequency at which you want the automated user deprovisioning to run.

9. Enable the Notification option if you wish to notify the technician every time the automation is executed.

10. Click Save.
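
Step 6 takes a CSV of users to deprovision. One way to build that list with PowerShell, as an added example that is not from ADManager Plus or the original post: it assumes a 90-day inactivity threshold, a hypothetical `Select-StaleAccount` helper and exclusion list, constructed sample accounts, and that the CSV identifies users by a `sAMAccountName` column (check the product's sample CSV for the exact header).

```powershell
# Added example (not ADManager Plus code). Select-StaleAccount, the 90-day
# threshold, the exclusion list and the CSV header are assumptions.
function Select-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int]      $InactiveDays = 90,
        [string[]] $Exclude      = @(),   # service / break-glass accounts to skip
        [datetime] $Now          = (Get-Date)
    )
    begin {
        # LastLogonDate comes from lastLogonTimestamp, which can lag real
        # logons by up to 14 days; pad the cutoff to avoid false positives.
        $cutoff = $Now.AddDays(-($InactiveDays + 14))
    }
    process {
        if ($Exclude -contains $Account.SamAccountName) { return }
        # Accounts that never logged on are judged by creation date instead.
        $lastSeen = if ($Account.LastLogonDate) { $Account.LastLogonDate } else { $Account.whenCreated }
        if ($lastSeen -lt $cutoff) {
            [pscustomobject]@{
                sAMAccountName = $Account.SamAccountName
                Enabled        = $Account.Enabled
                LastSeen       = $lastSeen.ToString('yyyy-MM-dd')
                NeverLoggedOn  = -not $Account.LastLogonDate
            }
        }
    }
}

# Constructed sample input so the script runs without a domain.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';       Enabled = $true;  LastLogonDate = [datetime]'2023-11-02'; whenCreated = [datetime]'2020-01-15' }
    [pscustomobject]@{ SamAccountName = 'asmith';     Enabled = $true;  LastLogonDate = [datetime]'2024-05-20'; whenCreated = [datetime]'2021-07-01' }
    [pscustomobject]@{ SamAccountName = 'newhire';    Enabled = $true;  LastLogonDate = $null;                  whenCreated = [datetime]'2024-05-10' }
    [pscustomobject]@{ SamAccountName = 'ghost';      Enabled = $false; LastLogonDate = $null;                  whenCreated = [datetime]'2022-03-01' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true;  LastLogonDate = [datetime]'2023-01-01'; whenCreated = [datetime]'2019-05-05' }
)
$stale = $sample | Select-StaleAccount -Now $now -Exclude 'svc-backup'
$stale | Format-Table                       # review before anything is deleted
$stale | Select-Object sAMAccountName |
    Export-Csv -Path .\stale-users.csv -NoTypeInformation

# Against a live domain (needs the ActiveDirectory module), replace $sample with:
#   Get-ADUser -Filter * -Properties LastLogonDate, whenCreated
```

Enabling Implement Business Workflow (step 7) keeps a human approval between a generated list like this and the actual deletion.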

 

 

Don't miss out on the previous article in this series on making the most of reports for efficient off-boarding and configuring disable and delete policies.

Tune in next week for another quick tip for better identity and access management!

Cheers,

Team ADManager Plus