I have read that old accounts should not be deleted from NT when a user leaves the company, but instead disabled. If this is true, what is the reason? How about the Exchange 5.5 email account associated with it?
This is true only as long as there is a possibility that the user might return, or specific files that the user owns have not been transferred to another user.
The reason is that the user ID is not stored in plain text, but rather an encrypted security ID (SID) is created when the user account is created. Deleting the user account and recreating it will NEVER result in the same SID, so you can never restore a user's credentials exactly as before.
So my rule is, once the user leaves the company, DISABLE. After 30 days, or when you're certain the account will never be required, DELETE.
Also note, a user account can simply be renamed, giving a new user instant access to everything the SID allowed the previous user to access. (The SID is NOT regenerated on a RENAME process). This can be useful, but does have the problem that the associated profile will continue to show the original user name.
I think the Exchange 5.5 account will need to be reconfigured manually, if you want to keep it associated with the renamed account, or deleted, if you don't.
Actually, I'd just reassign the Exchange account to the person's supervisor for a few months, since in most cases when a user leaves the company, the replacement won't need access to past emails, and the addresses will have to be changed anyway.
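
The disable, rename and delete-then-recreate cases discussed in the answers above, as an added example that is not part of the original thread. It is a simplified Python model, not a Windows API; the `AccountDB` class, the account names and the domain identifier are constructed for illustration.

```python
# Simplified model of an account database (not the real SAM or any Windows API).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain identifier

class AccountDB:
    def __init__(self):
        self.next_rid = 1000   # relative IDs are handed out once and never reused
        self.by_name = {}      # user name -> {"sid": ..., "enabled": ...}

    def create(self, name):
        sid = f"{DOMAIN_SID}-{self.next_rid}"
        self.next_rid += 1
        self.by_name[name] = {"sid": sid, "enabled": True}
        return sid

    def rename(self, old, new):
        self.by_name[new] = self.by_name.pop(old)  # same record, same SID

    def set_enabled(self, name, enabled):
        self.by_name[name]["enabled"] = enabled

    def delete(self, name):
        del self.by_name[name]

def can_access(db, acl, name):
    """ACLs store SIDs, not names: access needs an enabled account whose SID is listed."""
    acct = db.by_name.get(name)
    return bool(acct and acct["enabled"] and acct["sid"] in acl)

def scenario():
    db = AccountDB()
    acl = {db.create("alice")}          # ACL on a share grants alice's SID
    results = {}
    db.set_enabled("alice", False)      # user leaves: disable
    results["disabled"] = can_access(db, acl, "alice")
    db.set_enabled("alice", True)       # user returns: re-enable
    results["re_enabled"] = can_access(db, acl, "alice")
    db.rename("alice", "bob")           # replacement inherits access via the same SID
    results["renamed"] = can_access(db, acl, "bob")
    db.delete("bob")
    db.create("alice")                  # same name, new SID: old ACL entry is orphaned
    results["recreated"] = can_access(db, acl, "alice")
    return results

if __name__ == "__main__":
    print(scenario())
```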