1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AD Old Users

Discussion in 'Software' started by kat731, Aug 3, 2007.

  1. kat731
    Honorary Member

    kat731 Megabyte Poster

    Hi all,

    i've been given a list with users highlighted, who are no longer working for us, and the MD wants them removed. Are there any complications/precautions i should be aware of/take when deleting them from AD? And is it a straight forward process?

    Certifications: BA (Hons), A+
    WIP: 70-685 77-884
  2. kat731
    Honorary Member

    kat731 Megabyte Poster

    Is this worth the trouble:

    Certifications: BA (Hons), A+
    WIP: 70-685 77-884
  3. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    Certifications: A+ and Network+
  4. Fergal1982

    Fergal1982 Petabyte Poster

    Deleting a user from AD is easy enough. Right-Click, select delete. job done.


    Its not good practice to just delete the accounts, Since someone may have access to their mailbox, etc. At my old company, we had a system we developed which worked out quite well:

    Create 3 OUs in AD: Month1, Month2, and Month3.

    When asked to close an account, disable it and place it in month1. Wait 1 week, then providing no-one has complained, delete the mailbox. Exchange will hold a deleted mailbox for 3 months before automatically removing it from the system (Or it was at our place, might be a different default, etc) - so we always hold the user account for the same length of time.

    Providing no-one complains about it, then you can delete the account after 3 months. to keep track of this, at the start of every month, we deleted all accounts in month 3, moved 2 to 3 and 1 to 2. Any account re-enabled were moved back into the appropriate OU as soon as they were updated and re-enabled.

    This is, I think, the best way to handle the situation, since it ensures that you can step back without issue. Restoring deleted accounts from backups is a pain in the ass. we just didnt do it. if it fell outside the 3 month period, tough. brand new account!
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    I rarely delete users, there is always someone that needs to use the account 2 years after the user has left. :biggrin

    Create a OU and put all the old accounts in there, disable the account and also check the ‘hide from Exchange mailing lists’ tick box.

    If you really have to delete the user backup the profile and mailbox onto DVD.
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. csx

    csx Megabyte Poster

    If using some kind of backup software such as Backup Exec you may have to remove the mailbox from the information store/Exchange or you'll get failed backup reports (backup just moaning it cannot backup the mailbox).
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  7. Fluid

    Fluid Byte Poster

    I wouldnt bother investing in a software like that, if you want one theres bound to be quiet a few open source ones out their, or just follow the instructions set above really.
  8. AJ

    AJ Administrator Administrator

    I do what Sparky does. just disable the account and move it to another OU out of the way. No real need to delete them out of AD.
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  9. zimbo
    Honorary Member

    zimbo Petabyte Poster

    interesting topic.. and something you dont think about till you in the real world - yeah ok delete the account but like you guys have said - someone will always need or want the account sometime soon... 8)
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  10. Theprof

    Theprof Petabyte Poster Forum Leader

    I also do the same thing as sparky. There really is no reason deleting an account unless you know for sure that there will never be a user doing the same job as the previous user. I always have it disabled just in case because you never know who might replace the user and when that does happen all you got to do is rename the account and the new user has exact same rights as the previous.
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
  11. hippy

    hippy Kilobyte Poster

    I Agree with the above, disable the account and move it into an OU with all the other disabled. If you really want, you can delete the user in AD, delete the mailbox in exchange (or wait for default settings) and if you use backup exec alter the backup otherwise it will moan like a pro...

Share This Page