Re: Exchange and AD

["Barros, Jacob" <jkbarros () GRACE EDU>]

Hi Quinn.  We don't require any accounts to expire.  By the end of the
summer, we should be fully automated where any changes in our ERP
automatically changes AD.  Any student that isn't registered for a
particular semester would be disabled, and any faculty / staff not on
payroll the same.  All anytime someone is entered into the ERP or added
to payroll, a new account it created.  I can't speak to the specifics as
I am not a part of making this happen.  Feel free to email off-list for
more details.
 
Right now these process are semi-automated, where HR sends us an email
when employees have an entrance or exit interview.  For students, we
manually run a process 
 
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shamblin, Quinn
(shamblqn)
Sent: Monday, June 02, 2008 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Exchange and AD
 
Hello everyone,
 
I would like to understand the approaches that different organizations
use for a certain aspect of Identity Management.
 
For those of you out there that are running Exchange and use Active
Directory to manager your accounts, how are you expiring your user
accounts?  How do you manage the expiry of normal users, yet have system
or shared accounts that do not expire?
 
I apprciate any window you can give me on your approach.  Thanks,
 
Regards,
 
Quinn R. Shamblin
- UC InfoSec - CISSP, GCFA, PMP - (513) 556-0803 - quinn.shamblin () uc edu