That's what I do here, also. Then they sit around pretty much forever. I've even had to re-enable a couple, as the person came back to work for us.
>>> Cameron <[email protected]> 11/14/2011 8:54 AM >>> I just move them into a "Disabled User" OU and put in the description of the account the date disabled. On Mon, Nov 14, 2011 at 11:48 AM, David Lum <[email protected]> wrote: I have our internal auditor asking if we can keep disabled AD accounts around for a calendar year and ditch them on Jan 1 of each year. The reason is she can pull reports from AD regarding security audit information, etc. My kneejerk to me is to kill ‘em, but having them disabled in their own OU (I kind of feel like they should be in a non-delegated OU too) doesn’t give me that big of a heartache. Anyone care to share their opinion? David Lum Systems Engineer //NWEATM Office 503.548.5229 ( tel:503.548.5229 )//Cell (voice/text) 503.267.9764 ( tel:503.267.9764 ) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
