Automate Deactivation of Graduates' User Accounts


Published on

At the end of an academic year, the whole fraction of students permanently leave a school or university system. Once these users graduate, IT administrators are left with a huge number of accounts that must be marked as inactive and then dealt with according to system policies. An automated solution can do this tedious job for you and automatically disable those accounts to avoid associated security issues.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Automate Deactivation of Graduates' User Accounts

  1. 1. White Paper: How to Automate Deactivation of Graduates User Accounts Written by NetWrix Corporation 1
  2. 2. © Copyright NetWrix Corporation 2008. All rights reserved.This guide contains proprietary information, which is protected by copyright. The softwaredescribed in this guide is furnished under a software license or nondisclosure agreement. Thissoftware may be used or copied only in accordance with the terms of the applicable agreement. Nopart of this guide may be reproduced or transmitted in any form or by any means, electronic ormechanical, including photocopying and recording for any purpose other than the purchaserspersonal use without the written permission of NetWrix Corporation.WARRANTYThe information contained in this document is subject to change without notice. NetWrixCorporation makes no warranty of any kind with respect to this information. NETWRIXSPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITYAND FITNESS FOR A PARTICULAR PURPOSE. NetWrix Corporation shall not be liable forany direct, indirect, incidental, consequential, or other damage alleged in connection with thefurnishing or use of this information.TRADEMARKSAll trademarks and registered trademarks used in this guide are property of their respectiveowners.Web: http://www.netwrix.comPhone: +1.888.NETWRIX (888.638.9749)Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 2
  3. 3. How to Automate Deactivation of Graduates User AccountsThe problemProviding well-administrated IT services to a student body can be a challenge. Unlike other ITenvironments, a large influx and outflux of users occurs at points in time tied to the academic calendar. Atthe end of an academic year, many thousands of students may permanently leave a school or universitysystem. Once these users graduate, discontinue their education, or perhaps simply move away, ITadministrators are left with a huge number of accounts that must be marked as inactive and then dealt withaccording to system policies.Sound administration and security practices demand that this cumbersome housekeeping be done quicklyand efficiently - yet in the complex distributed networking environments in todays educational systems,this is easier said than done. A typical university infrastructure is a Windows environment running ActiveDirectory to manage user data, security and distributed resources. However, identifying unused accounts,marking them inactive and disabling or deleting them is not an automated process out of the box. Thoughthese individual functions can be done within Active Directory, a significant investment in admin time isneeded to do so when dealing with many thousands of users.The solutionAn automated solution to this problem should take advantage of the Active Directory functionality in amanner that streamlines and simplies the process for the sys admin. It should check all user accounts inspecied domains at an interval set by the administrator, and automatically disable those accounts. Inaddition, this utility should address the issue of differing lastLogon data in a system: this attributerepresents the last time a user was authenticated by a specic Domain Controller, but AD does not replicatethis value. As a result, the lastLogon value will be different on each DC. A well-designed admin utility willquery all DCs in the domain and use the most recent logon time, also called the "true last logon", thusensuring that the most current and correct parameters are used in determining whether or not an account istruly inactive.Implementation: NetWrix Inactive Users TrackerThe Inactive Users Tracker utility from NetWrix meets these criteria. It is a simple, effective tool foreducational IT administrators who need a cost-effective, time-saving way to deal with a multitude ofperiodically or permanently inactive users. A freeware version is available that identities inactive accountsin the intelligent manner outlined above; using this, administrators can then manually disable or delete theidentified accounts. The commercial version of Inactive Users Tracker allows the admin to automaticallydisable user accounts, customize emails alerts and messages, and comes with technical support. The freedownload of Inactive Users Tracker offers a demonstration of the exceptional value of this utility ineducational IT administration. 3
  4. 4. About NetWrix CorporationEstablished in 2006, NetWrix Corporation provides innovative and cost-effective solutionsthat simplify and automate the management of Windows networks. With in-depthknowledge and experience managing Windows environments of all sizes, the companydelivers solutions to meet complicated business requirements while fulfilling the bestexpectations of IT professionals.Contacting NetWrixToll-free Phone: 888.638.9749Web site: www.netwrix.comAddress: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652Contacting NetWrix SupportTechnical support is available to customers who have a trial version of a NetWrix product orwho have purchased a commercial version and have a valid maintenance contract. ContactNetWrix Support at 4