Periodically managing the Active Directory can be a critical yet time and resource intensive task. It involves inventorying the critical objects in AD, managing stale accounts or updating access and permissions for accounts, organizing group memberships, managing Microsoft 365 licenses, and configuring disable or delete policy, etc. Manually performing all these tasks is not a sustainable method of AD management over time as the organization scales up. Automating critical and repetitive tasks like AD clean up would pave way for more efficient AD management and while also removing the need for admins/technicians to spend a major chunk of their time on repetitive, simple yet unavoidable activities.

How to configure an automated Active Directory clean up? 

1. Navigate to Automation tab > Automation Policy > Create New Automation
   

2. Automation policy Name and Description - Enter a suitable name and description for the automation process.
   

• Automation Category - Choose User Management.
  

• Domain - Choose the domain and OUs where the task should be run in.
  

• Automation Task/Policy - From the 'Automation policy' list, select the 'user deprovisioning' policy.
  

• From Report - Click this tab and choose the reports from which you wish dep provision users. For example, inactive users report.
  

• Implement Business Workflow - Enable this option if you wish that the user account deletion be carried out after approval. This option will automatically create a user deletion request; once it is approved by the appropriate technician or user mentioned in the workflow, the user accounts will be deleted from AD.
  

• Select the Execution time and Frequency at which you want the automated user deprovisioning to be done.
  

• Enable the Notification option if you wish to notify the technician every time the automation gets executed.
  

3. Click Save.
   

Tune in next week for another quick tip to manage your Active Directory better!

Cheers,

Team ADManager Plus