• State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 14396 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need a way to not delete an account that is marked for litigation hold

todd_tobias
over 7 years ago

Hello Community,

 

I'm trying to find a way that i can incorporate into my standard Deprovision Policy explained below.

Corp deprovisioning policy for users.
Disable Account
Sets Password Random
Group membership – Remove!
Exchange Mailbox – disable / Hide from GAL
HomeFolder – disable / remove user access
Move to OU=Disabled Users
Delete in 30 days 
Description = “Terminated YYYY-MM-DD by <Account> - %description%”

 

I need to add the following somehow Delete in 30 days "only if LitigationHoldEnabled AD attribute is FALSE

 

Anyone can give me any help?

Thank you

 

Todd Tobias

Todd_Tobias@ultimatesoftware.com

Parents
  • 0 over 7 years ago

    I have dealt with this type of thing in several ways, what I have found most effective is to move these accounts in particular to a protected type of OU, and have them 'prevent from accidental deletion'. Ensure that you either clear, or do not set the attribute edsvaDeprovisionDeletionDate, also set edsvaProtectFromDeletion = True.

    I would try to avoid workflows as much as possible, they seem to work best for cleanup tasks and searching, but not as something to be relied upon for this type of production. Though you can, I just don't recommend it.

Reply
  • 0 over 7 years ago

    I have dealt with this type of thing in several ways, what I have found most effective is to move these accounts in particular to a protected type of OU, and have them 'prevent from accidental deletion'. Ensure that you either clear, or do not set the attribute edsvaDeprovisionDeletionDate, also set edsvaProtectFromDeletion = True.

    I would try to avoid workflows as much as possible, they seem to work best for cleanup tasks and searching, but not as something to be relied upon for this type of production. Though you can, I just don't recommend it.

Children
No Data