Best practice for disabling accounts after user left? (But returning)

Discussion in 'Active Directory' started by Robert Nafty, Jun 15, 2008.

  1. Robert Nafty

    Robert Nafty Guest

    Hi,

    What is the best practice for:

    When a user works at the company for 1 year or more. They then leave for a
    year.
    (Possible reasons include maternity leave, uni study for one year, etc etc).
    They will then return as full time staff again.

    What is best practice to do with their accounts?

    Set to disabled for the year? Leave share permissions.
    Set to disabled for a few months then delete account and all share
    permissions.
    Delete account straight away.

    How does this work with the mailbox? Does setting the account to disabled
    stop them from receving all the e-mails? (Exchange 2003 here).

    Obviously a year's worth of e-mails would be quite a lot and would not be
    needed. Do you therefore stop this somehow?


    Look forward to hearing what you do,
    Thanks
     
    Robert Nafty, Jun 15, 2008
    #1
    1. Advertisements

  2. i think if you disable the account mail will bounce
    if you delete the account you will have to assign NTFS permissions again
    upon their return

    all this differs based on number of servers how access is assigned via
    groups or directly to user..., but what we tend to do is apply logon
    restrictions; restrict OWA, VPN access; change passwords and this way
    preserve access they have had. in addition if neccessary their mail can be
    forwarded to someone else etc

    G
     
    Gueorgui Dimov, Jun 15, 2008
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.