To configure a Group Object Permanent Deletion policy
If you select the third option, you should apply this policy to domains that have Active Directory Recycle Bin enabled; otherwise, the policy will have no effect. With this option, once a group has been deprovisioned, Active Roles deletes the deprovisioned group immediately. In a domain where Active Directory Recycle Bin is enabled, this means that the group object is marked as deleted and moved to a certain container from which it can be restored, if necessary, without any data loss.
This scenario describes how to configure a policy so that Active Roles permanently deletes deprovisioned groups after the 90 day retention period.
To implement this scenario, you must perform the following actions:
As a result, after deprovisioning a group in the container you selected in Step 2, Active Roles retains the deprovisioned group object for 90 days and then it deletes that object.
You can create and configure the Policy Object you need by using the New Deprovisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object in the Policy Object management tasks section earlier in this chapter.
To configure the policy, click Group Object Permanent Deletion on the Select Policy Type page of the wizard. Then, click Next.
On the Deletion Options page, click Delete the object after retention period. Then, in the box beneath that option, type 90.
When you are done, click Next and follow the instructions in the wizard to create the Policy Object.
You can apply the Policy Object by using the Enforce Policy page in the New Deprovisioning Policy Object wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.