The policy described in this scenario, removes the deprovisioned users from all groups, both security and distribution.
To implement this scenario, you must perform the following actions:
As a result, when deprovisioning a user account in the container you selected in Step 2, Active Roles removes the user account from all groups.
The following two sections elaborate on the steps to implement this scenario.
You can create and configure the Policy Object you need by using the New Deprovisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object in the Policy Object management tasks section earlier in this chapter.
To configure the policy, click Group Membership Removal on the Select Policy Type page of the wizard. Then, click Next and follow these steps:
You can apply the Policy Object by using the Enforce Policy page in the New Provisioning Policy Object wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.
For more information on how to apply a Policy Object, see Applying Policy Objects and Managing policy scope earlier in this chapter.
Policies of this category are intended to automate the following tasks on deprovisioning Microsoft Exchange resources for deprovisioned users:
When configuring a policy of this category, you specify how you want Active Roles to modify the user’s account and mailbox upon a request to deprovision a user. The purpose is to reduce the volume of e-mail sent to the mailbox of the deprovisioned user, and to authorize designated persons to monitor such e-mail.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책