ladyskydiver

Geek programming question


Watch doing it that way... some audits require all traces of a user's account to be gone from the system. OCC comes to mind right away.

Honestly it's a tad expensive... but I HIGHLY recommend looking at Computer Associates eTrust Admin product. (Shivers went up my spine for recommending CA :S). It will create roles that you can create new accounts in. Basically you can see that there is a developer role and they need to have access to 5 mailing groups, security access to 10 servers, a UNIX login and an email account created. (We are running 45+ roles here right now.) When an account is created you assign it to the developer role and they automatically get all the needed access. Then it's got this nifty plugin that says to take all accounts that are disabled for more than X days and delete them.

We get a daily feed from HR that lists all the users and user names that are terminated. 5 minutes in the morning and we have disabled anyone that appears on the list. It moves their Exchange account to invisible so that we can still go in and retrieve the mail to give it to others taking over their projects and it disables all their network access.

I really hate CA... but eTrust actually works. And it's not too bad of a price if you are a small shop. We got screwed having to buy 10000 user licence and special agents for all our UNIX boxes.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

If you upgrade to the new Exchange versions and you use AD everything will be linked together.



WARNING!!! Although this may be the best solution, and Exchange 2000 is worlds better than 5.5, the upgrade process is as pleasant as rolling naked in a pile of broken glass then diving into a pool of lemon juice.

Quote

Watch doing it that way... some audits require all traces of a user's account to be gone from the system.



I would suggest (as would MS) disabling and then renaming instead. There is a limit of total AD objects that can be created, including those that are eventually deleted.
