Educause Security Discussion mailing list archives
Re: Exchange and AD
From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Wed, 4 Jun 2008 08:48:32 -0400
Hi Quinn. We don't require any accounts to expire. By the end of the summer, we should be fully automated where any changes in our ERP automatically changes AD. Any student that isn't registered for a particular semester would be disabled, and any faculty / staff not on payroll the same. All anytime someone is entered into the ERP or added to payroll, a new account it created. I can't speak to the specifics as I am not a part of making this happen. Feel free to email off-list for more details. Right now these process are semi-automated, where HR sends us an email when employees have an entrance or exit interview. For students, we manually run a process From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shamblin, Quinn (shamblqn) Sent: Monday, June 02, 2008 9:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Exchange and AD Hello everyone, I would like to understand the approaches that different organizations use for a certain aspect of Identity Management. For those of you out there that are running Exchange and use Active Directory to manager your accounts, how are you expiring your user accounts? How do you manage the expiry of normal users, yet have system or shared accounts that do not expire? I apprciate any window you can give me on your approach. Thanks, Regards, Quinn R. Shamblin - UC InfoSec - CISSP, GCFA, PMP - (513) 556-0803 - quinn.shamblin () uc edu
Current thread:
- Exchange and AD Shamblin, Quinn (shamblqn) (Jun 02)
- <Possible follow-ups>
- Re: Exchange and AD Barros, Jacob (Jun 04)