When an employee separates from the university for any reason other than retirement:
- HR notifies Information Technology Staff
- An AtTask Issue is opened to remove their accounts on the day or the day after HR says is their last day
- On the appointed day l:
- Active Directory account is disabled
- Exchange account is hidden, not visible in the Outlook Global Address List
- Account added to "Pending Deletion Spreadsheet", scheduled for permanent deletion in four weeks from the next Friday.
- At permanent deletion time, Active Directory account is deleted, which also completely removes the mailbox in Exchange..
note with FIM we have been leaving accounts in the disabled / hidden state a little longer, and sometimes moving them to a "Disabled Users" OU. The practice is under discussion now.
- For shared files:
- on MUGEN2: the home directory is removed at the time the active directory account is deleted. No checking is done in shared departmental folders.
- user is deleted, but auditing shows a strike through.
- Banner, Hyperion, SAP, all our deleted when Exchange account is hidden.
Note, we cannot just forward an account to another employee, or leave it open and grant access to supervisor, etc, without the knowledge and consent of the separating employee and/or permission from the appropriate vice-president.
When an employee retires:
- if they want, they may keep their email accounts. They must notify us, and we should be checking every year if that employee still needs/wants the account. Still, Banner, Hyperion, etc are deleted at retirement.
- we change their department to "Retiree", mostly for the sake of the Outlook Global Address list.