We keep our disabled account around basically forever - the only ones I've ever deleted have been a couple of folks who didn't actually show up for work.
We were told to do it this way because of our CRM/ERP packages and the fact that we can't seem to figure out how to delegate customer account records to new staff. Don't know if that's a problem with the software we're running or the staff maintaining it, but that's why I created a DisabledAccounts OU. We have accounts hanging around from folks who departed as long ago as 2000... Kurt On Mon, Nov 14, 2011 at 08:48, David Lum <[email protected]> wrote: > I have our internal auditor asking if we can keep disabled AD accounts > around for a calendar year and ditch them on Jan 1 of each year. The reason > is she can pull reports from AD regarding security audit information, etc. > > > > My kneejerk to me is to kill ‘em, but having them disabled in their own OU > (I kind of feel like they should be in a non-delegated OU too) doesn’t give > me that big of a heartache. Anyone care to share their opinion? > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
