*Note: This article is meant for System Administrator
Disable resigned employee's AD account
- Resigned employee account should be disabled immediately on employee last day after he/she has completed her handovers.
- Login domain controller & launch Active Directory Users & Computers.
- Locate the resigned employee account, reset the password & disable the account.
- Move the account to "disabled users" OU.
- Disabled accounts will retained for minimum 60 days in this OU before it is purged.
Purge disabled accounts after 60 days
- Launch Active Directory Users & Computers & expand the "Saved Queries" tree.
- Right click on the "Delete account" query & select refresh to run the query.
- The list of disabled account that has been inactive for more than 60 days will show up on the right panel.
- Select all the account in the list & delete. This action will permanently purge account from AD.
- It is recommended to run this query on weekly basis as part of AD housekeeping.