Page tree
Skip to end of metadata
Go to start of metadata
Current practices:

When an employee separates from the university for any reason other than retirement:

- HR notifies Information Technology Staff

- An AtTask Issue is opened to remove their accounts on the day or the day after HR says is their last day

- On the appointed day l:

  • Active Directory account is disabled
  • Exchange account is hidden, not visible in the Outlook Global Address List
  • Account added to "Pending Deletion Spreadsheet", scheduled for permanent deletion in four weeks from the next Friday. 

      - At permanent deletion time, Active Directory account is deleted, which also completely removes the mailbox in Exchange..
note with FIM we have been leaving accounts in the disabled / hidden state a little longer, and sometimes moving them to a "Disabled Users" OU. The practice is under discussion now.

- For shared files:

       - on MUGEN2: the home directory is removed at the time the active directory account is deleted.  No checking is done in shared departmental folders.

- CMS

  • user is deleted, but auditing shows a strike through.

- Banner

  • Banner, Hyperion, SAP, all our deleted when Exchange account is hidden.

Note, we cannot just forward an account to another employee, or leave it open and grant access to supervisor, etc, without the knowledge and consent of the separating employee and/or permission from the appropriate vice-president.

When an employee retires:

  - if they want, they may keep their email accounts. They must notify us, and we should be checking every year if that employee still needs/wants the account. Still, Banner, Hyperion, etc are deleted at retirement.

  - we change their department to "Retiree", mostly for the sake of the Outlook Global Address list.

Questions/Issues:

For temps, the situation is even trickier, since we often do not get an official notice that a temp is leaving.  Departments often simply re-use accounts.  Or temps go off to another department and by doing so, have access to improper shares, services, folders, etc.