
Active Directory Account Removal Policy

Account removals are requested through the Action Request System by an HR representative or management with appropriate authority.
User accounts are disabled and held for 120 days. Unless otherwise specified, the accounts are deleted at the end of the 120-day holding period.
The disabled account is moved to the “disabled accounts” OU and the user’s files and e-mails are made available to the appropriate personnel and supervisors.

a. Disable the account using the “account is disabled” box in AD.
b. Add a note to the description field that says “disabled [date] [initials] ticket #”.
c. Remove the user’s login script from the profile tab.
d. Set the dial-in tab to “deny access”.
e. With the exception of “domain users”, remove the user from all groups on the “member of” tab.
f. Remove Exchange attributes. This disassociates the network account from the user’s Exchange mailbox.
g. Move the user account to the “disabled accounts” OU.
h. Make the user’s personal folders available to the appropriate personnel and supervisors.
i. Remove the user’s personal folders from the file server.
j. Open the user’s e-mail in OWA and set the out-of-office reply for 30 days.
    ex: USER is no longer employed by this organization. Please contact 555-867-5309 for assistance.
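
The Active Directory side of the checklist (steps a through e and g) can be scripted so that every removal is done the same way and leaves a record. The script below is an added example, not part of the original policy. It assumes the RSAT ActiveDirectory module is installed; the OU distinguished name and the parameter names are placeholders chosen for illustration. The Exchange, file server and OWA steps (f, h, i, j) are not covered.

```powershell
#Requires -Modules ActiveDirectory
# Added example: steps a-e and g of the account removal checklist.
# Parameter names and the default OU path are assumptions, not from the policy.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [Parameter(Mandatory)] [string] $Initials,
    [Parameter(Mandatory)] [string] $Ticket,
    # Placeholder DN; replace with the DN of your own "disabled accounts" OU.
    [string] $DisabledOU = 'OU=Disabled Accounts,DC=example,DC=com'
)

$ErrorActionPreference = 'Stop'   # abort on the first failure instead of half-finishing
$user = Get-ADUser -Identity $SamAccountName -Properties scriptPath, Description

# Capture group membership first so it can be attached to the ticket and
# restored if the account is re-enabled during the 120-day holding period.
# "Domain Users" is matched by its well-known RID (513) rather than by name.
$groups = Get-ADPrincipalGroupMembership -Identity $user |
    Where-Object { $_.SID.Value -notlike '*-513' }

# a. Disable the account.
Disable-ADAccount -Identity $user

# b. Note in the description field: "disabled [date] [initials] ticket #".
$note = 'disabled {0} {1} ticket #{2}' -f (Get-Date -Format 'yyyy-MM-dd'), $Initials, $Ticket
Set-ADUser -Identity $user -Description $note

# c. Remove the login script from the profile tab.
Set-ADUser -Identity $user -Clear scriptPath

# d. Set the dial-in tab to "deny access".
Set-ADUser -Identity $user -Replace @{ msNPAllowDialin = $false }

# e. Remove the user from every group except "Domain Users".
foreach ($g in $groups) {
    Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
}

# g. Move the account to the "disabled accounts" OU (done last, since the DN changes).
Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU

# Emit an audit record for the ticket.
[pscustomobject]@{
    Account       = $user.SamAccountName
    Description   = $note
    RemovedGroups = $groups.Name
    MovedTo       = $DisabledOU
}
```

Running the script with `-WhatIf` lists the changes without applying them, which is useful for checking the target account and OU before the real run.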