Technical Services Inactive User Account Deletion Procedures

By: Michelle Oda
Updated by: Ben Werthmann
Updated: 10/19/2011

User and Computer Account Audit

In efforts to keep the Active Directory organized and accurate, an audit is done every month to find accounts on Admnet that have not logged onto the domain in the past 365 days. OpenNet is in the process of being phased out and has a more aggressive audit time of 90 days.

Exemptions

  • Exemptions exist for faculty with status of "professor emeritus" (male) or "professor emerita" (female). These accounts should only be disabled upon death of the faculty member.
  • The group AUDIT_Excluded_Users will exclude users from the audit report. A group has been created for faculty with emeritus status and nested in the AUDIT_Excluded_Users group.
  • The contents of the AUDIT_Excluded_Users are audited at the same time.

Audit Procedures

  • Run these scripts:
  • Users will be disabled and moved to “disabled inactive users”
  • Computers will be deleted at the time of audit

Deletion Procedures

  • Open AD Users and Computers in both admnet.oakland.edu and opennet.oakland.edu.

  • If any user requests for their account to be reactivated, the user must provide reasons for inactivity and reactivation. Once enabled, move the account back into Users folder.
  • Two weeks after the audit, delete all users in “Disabled Inactive Users” OU.

UTS

  • Report is produced once a month by Technical Services, there is no specific day or notification when the report has been produced. Check about the 2nd or 3rd week of the month, could be earlier or later. Manually check for Audit at (). Notification is not received when the accounts have been deleted by Tech Services; I usually send email to verify the accounts have been deleted.

  • Pull paperwork for users listed in the report
  • Remove envelopes with log in information that have not been picked up, cross out name on sign out clip board or add a notation that the account is scheduled to be delete xx/xx/xx. If this completes the sign out sheet, pull sheet and file.
  • Check if user has Banner & NetID.

    • Faculty - retain their Banner accounts unless they no longer have a NetID

    • Staff – if the employee has Banner, send an email to the supervisor listed on paperwork to verify employee has not left the University. If employee is no longer employed in the department, delete computing accounts, Banner, TouchNet, etc., if still employed in the department nothing further needs to be done. If employee does not have a NetID, delete accounts.

    • Student – if student has Banner, send email to supervisor listed on the form. If student has left the department delete computing accounts, Banner, TouchNet, etc., if student no longer has a NetID, delete accounts.

  • Attach a copy of the report to the individuals’ paperwork and indicate Admnet or all accounts for the individual have been deleted xx/xx/xx and file in the deleted or active accounts cabinets.

Some of the accounts that are scheduled to be deleted by Technical Services will also be listed in the Weekly Termination & Locked Accounts report. I will make a notation that the account has been flagged for deletion in the weekly report.

---

DataAdminHowTo

DB_Administration