...
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Is their Active Directory account still active (enabled)? In order for an account to be active enabled in Active Directory, it must have an Active logon status in the EID system AND . If it is disabled or flagged to require a password change in the EID system, it will be disabled in Active Directory. |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Can they still authenticate using Enterprise Authentication?Enterprise Authentication EntAuth? (EntAuth is backed by Austin Active Directory.abcxyzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz. Consider 2FA (Duo) as well………………………….) As long as their Active Directory account is still enabled they will be able to authenticate using EntAuth, regardless of whether or not they have one of the Affiliations or Entitlements mentioned here that sets their Primary Group to Domain Users. For example: former employees will still be able to log in to review their tax forms for their last year of employment. The configurations of specific applications behind EntAuth may or may not have further requirements to use them. |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
When does their account get removed from Active Directory? An automated process removes Active Directory accounts based on conditions specified here. This process is in place to remove any accounts that are no longer needed. If a user’s Active Directory account has been removed, it will be re-created if/when they obtain one of the Affiliations or Entitlements mentioned here. Because the re-created account is a new object in Active Directory, it will not be a member of any groups they remained in at the time of removal. |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Are they automatically removed from Active Directory groups? Users are not automatically removed from groups when they leave the University, even when their Active Directory account is disabled. For the most part, groups in Austin Active Directory are owned and managed by the Department that created them. Departments are responsible for maintaining the memberships of their groups, removing any members that are no longer necessary.
|
...
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
If they are still in an email distribution group, will they continue to get emails addressed to the group? As long as they still have a M365 mailbox, they will receive emails addressed to any email distribution groups they are a member ofWhat happens to their M365 Mailbox? Refer to Eligibility for M365 : What Happens After I leave the University. |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
What happens if they were a Department OU Owner? At this time, no action is automatically taken to remove them as owners. Another Department OU Owner should remove them using the Department User Tools (📑 Documentation). Audit reports are emailed to Department OU owners monthly. One of the items that appear in this audit is ineligible owners that should be removed. | ||||||||
| Panel | ||||||||
| panelIconId | atlassian-question_mark | |||||||
| panelIcon | :question_mark: | :question_mark: | ||||||
| bgColor | #F4F5F7 | |||||||
Q A |
Departmental (DEPT-) Active Directory Accounts
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Are their departmental user accounts disabled or deleted when they leave the University? At this time, no action is automatically taken on departmental accounts when the assignee leaves the University. |
...
| Panel | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
| Panel | ||||||||||
| ||||||||||
What about Service AccountsWhat about departmental service accounts? Service accounts can be assigned to more than one person at a time (although they can only be claimed by one person at a time). |
...