The following are frequently asked questions about what happens to a user’s EID-based Active Directory account when they leave the University:

Is their Active Directory account still active?

In order for an account to be active in Active Directory, it must have an Active logon status in the EID system AND one of the Affiliations or Entitlements mentioned here.

Can they still authenticate using Enterprise Authentication?

(This is a common question for those who know that Enterprise Authentication is backed by Austin Active Directory.)

Consider 2FA (Duo) as well.

When does their account get removed from Active Directory?

An automated process removes Active Directory accounts based on conditions specified here.

Are they automatically removed from groups?

Users are not automatically removed from groups when they leave the University, even when their Active Directory account is disabled.

For the most part, groups in the Austin Active Directory are owned and managed by the Department that created them. Departments are responsible for maintaining the memberships of their groups, removing any members that are no longer necessary.
A user may need to be removed from a group if:

  • They are no longer at the University

  • They remain at the University but no longer fall under the intended scope of the group (for example, an employee who leaves your department and is still a current employee working for another department should be removed from groups that give them access to your department’s resources)
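One way a department could audit its own groups for members whose accounts are disabled, as an added example (not part of the original FAQ or the University's tooling). It assumes the ActiveDirectory PowerShell module is installed, uses a placeholder OU distinguished name and output file name, and only reports; it removes nothing.

```powershell
# Added example: read-only audit of department groups for disabled user members.
Import-Module ActiveDirectory

# Assumption: placeholder DN for the department's OU; replace with your own.
$DepartmentOU = 'OU=ExampleDept,DC=example,DC=edu'
$AccountDisable = 0x2   # ACCOUNTDISABLE bit in userAccountControl

$report = foreach ($group in Get-ADGroup -SearchBase $DepartmentOU -Filter * -Properties member) {
    foreach ($dn in $group.member) {
        try {
            $obj = Get-ADObject -Identity $dn -Properties userAccountControl, sAMAccountName -ErrorAction Stop
        }
        catch {
            # Member could not be looked up (for example, it lives in another domain).
            [pscustomobject]@{
                Group  = $group.Name
                Member = $dn
                Status = 'Unresolved'
            }
            continue
        }

        # Nested groups, computers and contacts are out of scope for this check.
        if ($obj.ObjectClass -ne 'user') { continue }

        if ($obj.userAccountControl -band $AccountDisable) {
            [pscustomobject]@{
                Group  = $group.Name
                Member = $obj.sAMAccountName
                Status = 'Disabled'
            }
        }
    }
}

# Review the findings before changing any membership.
$report | Sort-Object Group, Member | Format-Table -AutoSize
$report | Export-Csv -Path .\disabled-group-members.csv -NoTypeInformation
```

The report covers only the first condition in the list above; members who are still at the University but have moved out of the group's intended scope have to be identified by the group's owner.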

If they are still in an email distribution group, will they continue to get emails addressed to the group?

Ask the mail team what the mailbox requirements are. If they no longer have a mailbox, they will not be able to receive any messages.

The following are frequently asked questions about what happens to a user’s Departmental (DEPT-) Active Directory account(s) when they leave the University:

Are their departmental accounts disabled or deleted when they leave the University?

At this time, no action is automatically taken on departmental accounts when the assignee leaves the University.
Department OU Owners are responsible for disabling or deleting departmental accounts when they are no longer needed.

What about Service Accounts?

Service accounts can be assigned to more than one person at a time (although they can only be claimed by one person at a time).
When an assignee has left the University, a Department OU Owner should remove them from the list of assignees of their service accounts. This prevents them from having control over these service accounts if they ever do return to the University (a former employee in your department may later return as an employee in another department or a student).