Free up unused ADSelfService Plus licenses
As employees enter and leave an organization, there may be a substantial amount of stale user accounts in Active Directory. Stale accounts should be removed from the purview of ADSelfService Plus so that the license assigned to them can be reclaimed and assigned to other users who need it. The Restrict Users feature in ADSelfService Plus helps you remove stale accounts either automatically or manually.
As the name suggests, this feature not only frees up the licenses assigned to these accounts but also restricts them from accessing ADSelfService Plus in the future. Restricted users' enrollment data is also automatically removed.
Types of accounts that can be restricted
Here are the types of user accounts that can be restricted using the Restrict Users feature:
- Account Expired - Accounts that have expired in Active Directory.
- Account Disabled - Accounts that have been disabled by the administrator.
- Inactive Users - Accounts that have not logged in to the domain for a specific period of time.
- Deleted Users - Accounts that had been deleted from Active Directory within the past 90 days.
- Unowned Licenses - Accounts that had been deleted from Active Directory before 90 days.
- Service Accounts - Active Directory service accounts.
- Smart Card Users - User accounts that use a smart card for authenticating their workstations.
Configuring the Restrict Users feature
There are two ways to use this feature:
- Manual method: Selecting stale user accounts and revoking their ADSelfService Plus licenses.
- Automatic method: Creating a scheduler that will automatically find stale user accounts and free up unused licenses at regular intervals.
To restrict stale accounts manually:
Go to Admin > License Management > Restrict Users.
In the Restricted Users section, click Restrict Users.
- The Restrict Users section will open. Specify the domain using the Select Domain drop-down menu. You can also use the OUs option to select Organization Units.
- Select the stale user account type using the Account Type drop-down menu. In the case of Inactive Users and Deleted Users, select the number of days for which the user accounts have been inactive or deleted respectively.
- Click Generate.
- A list of stale Active Directory user accounts is generated.
- From this list, select the accounts you want to restrict. You can select individual accounts or select all the accounts at once.
- Click Restrict.
To restrict stale accounts automatically:
- Go to Admin > License Management > Restrict Users.
- Click Schedule to Restrict/Unrestrict. The Schedule to Restrict/Unrestrict section will appear
- Select the Restrict tab and click Add New Scheduler.
- Enter a Scheduler Name.
- Select the domain using the Select Domain field and use the OUs option to select the desired Organizational Units.
- In the Select Account Type section, specify the type of stale user accounts that you want to restrict.
- In the Select Duration section, specify the frequency of the scheduler.
- Use the Notify Admin option to select an email ID to which the restricted users list will be sent periodically.
- Click Save.
- Now according to the frequency set, the scheduler will automatically run and restrict the stale Active Directory user accoun
Restricting stale user accounts allows organizations to reuse the ADSelfService Plus licenses assigned to these accounts thereby saving money and attaining maximum benefit from the licenses purchased.
New to ADSelfService Plus?
Related Articles
How to remove stale licenses from ADSelfService Plus
The existing ADSelfService Plus license count can often be exhausted by non-enrolled, and stale account including inactive, account disabled, account expired, and deleted users. You can restrict these users from accessing ADSelfService Plus and in ...
Troubleshooting Guide for Common Errors in ADSelfService Plus End User Portal
Permission denied. Please contact your administrator. Cause: There are two reasons why this error could occur: End users trying to access any of the self-service features in ADSelfService Plus such as password reset or directory self-update need to ...
ADSelfService Plus valid user identification
The following user categories can be considered valid in ADSelfService Plus licensing. All users who have enrolled with ADSelfService Plus. All non-enrolled users who have logged in to the product, once or more, to enroll or to update their contact ...
Automatically reinstate revoked licenses of users
Licenses are a costly affair. Administrators should know the tips and tricks of easy and cost-effective license management. It is a common practice to revoke the licenses of: Inactive users Locked out users Password expired users, and other users who ...
Configuring high availability in ADSelfService Plus
ADSelfService Plus utilizes automatic failover to support high availability in case of system and product failures. Essentially, this means that when the ADSelfService Plus service on one machine fails, another instance of ADSelfService Plus running ...