Procedure

Effective Date: 9/15/2014
Date of Last Revision: 8/21/2014
Chapter Name: Information Management
Chapter Number: 4.11.P.1
Title: Dormant AD Computer Object Removal
1.0 Purpose
In order to minimize Active Directory (AD) operational complexity, the Division of Information Technology will
remove computer objects dormant for over 365 days.
2.0 Governing Policy
Number/Document Name: 4.11 Dormant Accounts Policy
Effective Date: 2/17/2013
3.0 Procedure
Once per month systems administrators will:
1. Run a report of AD computer objects.
2. Identify computer objects that have been inactive for over 365 days.
3. Save a CSV file of dormant computer objects.
4. Disable identified dormant computer objects for one month.
5. Delete disabled computer objects from prior month.
Users of deleted or disabled workstations will:
1. Be unable to log into their workstations.
2. Resolve this by contacting the IT Help Desk.
In response, the IT Help Desk will:
1. Identify if the computer object has been disabled or deleted.
2. If Disabled: IT Help Desk will re-enable the computer object.
3. If Deleted: IT Help Desk will rejoin the computer to AD and move the computer into its appropriate OU.
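One way a systems administrator could script the five monthly steps above in PowerShell, as an added example that is not the Division's own tooling. It assumes the ActiveDirectory (RSAT) module and uses LastLogonDate (derived from lastLogonTimestamp, the computer account's own last domain authentication) as the inactivity signal; the report path and the DORMANT-DISABLED description tag are hypothetical.

```powershell
# Added example, not the Division's script. Requires the ActiveDirectory module.
# $ReportDir and the DORMANT-DISABLED description tag are hypothetical choices.
param(
    [int]$DormantDays  = 365,
    [string]$ReportDir = 'C:\Reports\DormantComputers',
    [switch]$Apply     # without -Apply every change runs as -WhatIf (dry run)
)
Import-Module ActiveDirectory
$now    = Get-Date
$cutoff = $now.AddDays(-$DormantDays)
$tag    = 'DORMANT-DISABLED'
$dryRun = -not $Apply

# Step 5: delete objects that a previous run disabled at least one month ago.
# Only objects carrying this script's tag are touched, so computers disabled
# for other reasons are never deleted here.
Get-ADComputer -Filter "Description -like '$tag*'" -Properties Description |
    Where-Object {
        $stamp = [datetime]::ParseExact(($_.Description -split ' ')[1], 'yyyy-MM-dd', $null)
        -not $_.Enabled -and $stamp -le $now.AddMonths(-1)
    } |
    Remove-ADComputer -Confirm:$false -WhatIf:$dryRun

# Steps 1-2: report enabled computer objects and select the dormant ones.
# LastLogonDate is empty for objects that never authenticated, so fall back
# to the creation date to avoid flagging freshly pre-staged machines.
$dormant = Get-ADComputer -Filter 'Enabled -eq $true' `
        -Properties LastLogonDate, whenCreated, Description |
    Where-Object {
        $lastSeen = if ($_.LastLogonDate) { $_.LastLogonDate } else { $_.whenCreated }
        $lastSeen -lt $cutoff
    }

# Step 3: save the CSV before changing anything. It keeps the original
# Description, which step 4 overwrites, so the Help Desk can restore it.
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
$csv = Join-Path $ReportDir ('dormant-{0:yyyy-MM}.csv' -f $now)
$dormant |
    Select-Object Name, DistinguishedName, LastLogonDate, whenCreated, Description |
    Export-Csv -Path $csv -NoTypeInformation

# Step 4: disable each dormant object and stamp it with the disable date so
# next month's run can find it for deletion.
foreach ($c in $dormant) {
    Disable-ADAccount -Identity $c -WhatIf:$dryRun
    Set-ADComputer -Identity $c -Description "$tag $($now.ToString('yyyy-MM-dd'))" -WhatIf:$dryRun
}
```

Run it without `-Apply` first and review the CSV; the dry run reports what would be disabled or deleted without changing the directory.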
4.0 Responsibility for Implementation
The Director of Network and System Services is responsible for the implementation of this procedure.
5.0 Definitions
Term: Definition
Dormant or Inactive: Any computer account that has not been logged into by an Active Directory user account for a given period of time.
OU: Organizational Unit
Computer Object: A digital record of a physical computer within the Active Directory.
IT Procedure, Form Version 3.0
6.0 Revision History
Description              Approval Date
Draft – Jamie Pringle    08/13/2014
Policy Committee         08/21/2014
CIO Approval             09/15/2014