This scenario describes how to configure a policy so that Active Roles permanently deletes deprovisioned user accounts after a 90-day retention period.
To implement this scenario, you must perform the following actions:
As a result, after you deprovision a user account in the container you selected in Step 2, Active Roles retains the deprovisioned account for 90 days and then deletes it.
You can create and configure the Policy Object you need by using the New Deprovisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object in the Policy Object management tasks section earlier in this chapter.
To configure the policy, click User Account Permanent Deletion on the Select Policy Type page of the wizard. Then, click Next.
On the Deletion Options page, click Delete the object after retention period. Then, in the box beneath that option, type 90.
When you are done, click Next and follow the instructions in the wizard to create the Policy Object.
You can apply the Policy Object by using the Enforce Policy page in the New Deprovisioning Policy Object wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.
For more information on how to apply a Policy Object, see Applying Policy Objects and Managing policy scope earlier in this chapter.
Group object deprovisioning policy specifies the changes to make to the group object in Active Directory in order to prevent the use of the group. It is intended to perform the following tasks when deprovisioning a group:
In addition, the policy can be configured to change or clear any other properties of a group, such as the pre-Windows 2000 name, e-mail addresses, or description.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.