0
I already have procedures in place to remove a user from our domain when they leave their role. In many cases, it's as simple as removing the user from AD.
Should I go further, for example, by deleting their user folder on their PC?
I have googled 'Decommission Windows User', but there doesn't seem to be any documentation or best practices...
This is entirely up to you. – Ramhound – 2018-08-20T11:16:12.703
What problem are you trying to solve? Are you concerned disabling the AD user account isn't sufficient to block their access? – I say Reinstate Monica – 2018-08-20T11:30:15.733
I would hope that removing a user from AD would be enough to block their access, at least on a machine that was connected to the DC! But I was wondering if there are any other sensible/well known steps that I should follow other than removing the account. If there are none, then I will still be happy! – 3-14159265358979323846264 – 2018-08-20T15:29:32.080
@DavidPostill. Do you have any recommendations as to where I should post this sort of question, as it cannot be reworded? If i google superuser, the description is "Super User is a question and answer site for computer enthusiasts and power users". Surely this is a power user question, and sometimes a collection of opinions is actually the best answer you could ask for. Is my question not relevant in the power user arena? – 3-14159265358979323846264 – 2018-08-21T09:37:06.973