Scenario: Organizational Unit for deprovisioned user accounts
This scenario describes how to configure a policy so that a certain organizational unit contains all the deprovisioned user accounts.
To implement this scenario, you must perform the following actions:
- Create and configure the Policy Object that defines the appropriate policy.
- Apply the Policy Object to a domain, OU, or Managed Unit.
As a result, after deprovisioning a user account in the container you selected in Step 2, Active Roles automatically moves that account to the organizational unit determined by the policy configuration. The following two sections elaborate on the steps to implement this scenario.
Step 1: Creating and configuring the Policy Object
Step 1: Creating and configuring the Policy Object
You can create and configure the Policy Object you need by using the New Deprovisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object in the Policy Object management tasks section earlier in this chapter.
To configure the policy, click User Account Permanent Deletion on the Select Policy Type page of the wizard. Then, click Next.
On the Deletion Options page, click Delete the object after retention period. Then, in the box beneath that option, type 90.
When you are done, click Next and follow the instructions in the wizard to create the Policy Object.
Step 2: Applying the Policy Object
Step 2: Applying the Policy Object
You can apply the Policy Object by using the Enforce Policy page in the New Deprovisioning Policy Object wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.
For more information on how to apply a Policy Object, see Applying Policy Objects and Managing policy scope earlier in this chapter.
User Account Permanent Deletion
Policies in this category are intended to automate the deletion of deprovisioned user accounts. Deprovisioned user accounts are retained for a specified amount of time before they are permanently deleted. A policy in this category can also be configured not to delete deprovisioned accounts.