Keeping Active Directory Clean

One of the issues that frequently arise, especially in larger organization, is the need to provide contractors, consultants and temporary employees with access to network resources and email. The concept of automating the lifecycle by integrating with a Human Resource system breaks down because these types of employees are rarely entered there.
We have solved this dilemma numerous times for companies by implementing a web-based workflow. The hiring manager access an internal web page and completes the relevant information - name, department, type of employee, expected length of service, etc. Once the form is submitted, the IT or helpdesk can review the information and process it automatically. An email is delivered back to the hiring manager with the username, email address and initial password.
The key element here to keep AD clean is the expected length of service date. As that date approaches a notification can be delivered to the manager asking if the date should be extended. If yes, the manager clicks on a link in the email and can enter a new end date. If no, the process automatically disables the user on the last day of service. A manger can also be given an option to disable or terminate immediately if the person has already left.
After sitting in a disabled status for a period of 60 to 90 days, the record can automatically be purged from AD. Implementing a process like this saves time, potential licensing costs and increases security all while making life easier for the OIT department.
To learn more about this application of Identity Management and many others, please visit our website; Tools4ever, Inc.