Free up unused ADSelfService Plus licenses

Free up unused ADSelfService Plus licenses

As employees enter and leave an organization, there may be a substantial amount of stale user accounts in Active Directory. Stale accounts should be removed from the purview of ADSelfService Plus so that the license assigned to them can be reclaimed and assigned to other users who need it. The Restrict Users feature in ADSelfService Plus helps you remove stale accounts either automatically or manually.
As the name suggests, this feature not only frees up the licenses assigned to these accounts but also restricts them from accessing ADSelfService Plus in the future. Restricted users' enrollment data is also automatically removed.

Types of accounts that can be restricted

Here are the types of user accounts that can be restricted using the Restrict Users feature:
  1. Account Expired - Accounts that have expired in Active Directory.
  2. Account Disabled - Accounts that have been disabled by the administrator.
  3. Inactive Users - Accounts that have not logged in to the domain for a specific period of time.
  4. Deleted Users - Accounts that had been deleted from Active Directory within the past 90 days.
  5. Unowned Licenses - Accounts that had been deleted from Active Directory before 90 days.
  6. Service Accounts - Active Directory service accounts.
  7. Smart Card Users - User accounts that use a smart card for authenticating their workstations.

Configuring the Restrict Users feature

There are two ways to use this feature:
  1. Manual method: Selecting stale user accounts and revoking their ADSelfService Plus licenses.
  2. Automatic method: Creating a scheduler that will automatically find stale user accounts and free up unused licenses at regular intervals.

To restrict stale accounts manually:

  1. Go to Admin > License Management > Restrict Users.
  2. In the Restricted Users section, click Restrict Users.
  3. The Restrict Users section will open. Specify the domain using the Select Domain drop-down menu. You can also use the OUs option to select Organization Units.
  4. Select the stale user account type using the Account Type drop-down menu. In the case of Inactive Users and Deleted Users, select the number of days for which the user accounts have been inactive or deleted respectively.
  5. Click Generate.
  6. A list of stale Active Directory user accounts is generated.
  7. From this list, select the accounts you want to restrict. You can select individual accounts or select all the accounts at once.
  8. Click Restrict.
List of supported apps

To restrict stale accounts automatically:

  1. Go to Admin > License Management > Restrict Users.
  2. Click Schedule to Restrict/Unrestrict. The Schedule to Restrict/Unrestrict section will appear
  3. Select the Restrict tab and click Add New Scheduler.
  4. Enter a Scheduler Name.
  5. Select the domain using the Select Domain field and use the OUs option to select the desired Organizational Units.
  6. In the Select Account Type section, specify the type of stale user accounts that you want to restrict.
  7. In the Select Duration section, specify the frequency of the scheduler.
  8. Use the Notify Admin option to select an email ID to which the restricted users list will be sent periodically.
  9. Click Save.
  10. Now according to the frequency set, the scheduler will automatically run and restrict the stale Active Directory user accounList of supported apps
Restricting stale user accounts allows organizations to reuse the ADSelfService Plus licenses assigned to these accounts thereby saving money and attaining maximum benefit from the licenses purchased.

      New to ADSelfService Plus?


            • Related Articles

            • Troubleshooting Guide for Common Errors in ADSelfService Plus End User Portal

              Permission denied. Please contact your administrator. Cause: There are two reasons why this error could occur: End users trying to access any of the self-service features in ADSelfService Plus such as password reset or directory self-update need to ...
            • Migrating from ADSelfService Plus 32-bit to ADSelfService Plus 64-bit

              This article will help you migrate from ADSelfService Plus 32-bit version to the 64-bit version. Before you begin 32-bit to 64-bit migration is possible only between the same builds. For example, you cannot migrate from a 32-bit version of build 5310 ...
            • Automatically backup the ADSelfService Plus database

              Description The database used in ADSelfService Plus houses some important information that is crucial for the proper functioning of the tool. As a proactive measure against the loss of data, the ADSelfService Plus application provides you Automatic ...
            • Excluding ADSelfService Plus from antivirus software

              Antivirus software plays a huge role in securing an organization's IT environment. Some antivirus software might not trust third-party applications, like ADSelfService Plus, and flag them as threats, which can impede how the product works. To prevent ...
            • How to deploy ADSelfService Plus over the internet?

              Description Deploying ADSelfService Plus over the internet will allow end-users who are on the move to access the tool from anywhere, anytime. Resolution Register an IP address (say and a public hostname (like ...