Once you get a report of inactive user accounts and review the access and permissions, the next step is to disable or delete these accounts. Their access and permissions should also be revoked immediately to prevent the accounts from being exploited for insider attacks. When this process is done manually, it could take a while, and sometimes even a few days due to oversight or human errors, to complete the access rollback requests. This might cause a security gap that could be easily exploited. Hence, ADManager Plus provides the capability to configure disable and delete policies that are automatically triggered when a user account is disabled or deleted.
How to configure a disable and delete policy ?
Navigate to Admin> Custom Settings> Delete/Disable Policy
To define a delete policy,
Select the Domain to which you wish to apply the delete policy to.
Click on the Delete Policy tab to select the actions that must be performed when user accounts are deleted.
To delete the home folders and profile paths when the corresponding user accounts are deleted, select the desired options from the Home Folders and Profiles section.
To delete the mailboxes along with the user accounts, select the delete user mailbox permanently option located under 'Mailboxes & Other accounts'.
Export user mailbox option allows you to export user mailbox to the specified location before deleting the user(s). You can track the status of the export mailbox requests with Mailbox Export History option. If the export fails, the user(s) will not be deleted.
If you wish to execute a custom script when user accounts are deleted, use run custom script option located under Custom Script.
To define a disable policy,
In the Delete/Disable Policy pane, click the Delete Policy tab to select the actions that must be performed when user accounts are deleted.
To delete the home folders and profile paths when the corresponding user accounts are deleted, select the desired options from the Home Folders and Profiles section.
To delete the mailboxes and hide the user's address from the Exchange lists, select the delete user mailbox permanently option located under Mailboxes & Other accounts.
To revoke an Office 365 user's membership from all MS Teams, select the Remove user from MS Teams option.
If you wish to move the users being disabled to a specific OU or remove them from all the groups that they are currently members of, use the relevant options under the other tasks section.
To execute a custom script when user accounts are disabled, use run custom script option located under Custom Script.
Click Save.
Tune in next week to know how to set up an automated, customized clean-up process for inactive user accounts with ADManager Plus so you don't have to worry about stale accounts again.
Cheers,