Deleting and Disabling Users
In this lecture, I'll be teaching you how to delete and disable Active Directory User accounts.
Now, we created this Disabled Users OU, currently, there are no users in this. So, let's go ahead and disable the Paul Hill User account. Now again, to do this, we are just going to hit the Find button up here and we are going to search for Paul Hill, and we are going to click Find Now.
Again, nothing is showing up because I need to change the OU that I am searching In, and I'll just select the domain and hit Find Now.
Here we have the Paul Hill user account. Now, what I am going to do is right-click and choose Disable Account.
Now, if anybody tries to access this user account they are going to get a message saying "Sorry, this account is disabled you can't log in with it".
It's a good practice to move this user out of the Domain Users OU and put it in the Disabled Users OU. This is because it allows you to kind of double-check your work, meaning that, if you want a user account to be disabled it should be in this OU. That way if an account for some reason is not disabled but is in this OU, we probably know that that account should be disabled. We can also write automation with PowerShell to comb through it and disable any user account that is inside this OU. There's a lot of automation we could do using this kind of setup, but what we are going to do since we disabled it is to right-click the User and choose and we are going to choose Move. Next, we select Server Academy and we are going to select Disabled Users and will hit OK.
So now if I close this and I Refresh this view here, now we have this Organizational Unit, Disabled Users, and our disabled user Paul Hill is here. Again, if I click Enable Account and I look through this list and I see Paull Hill is not disabled and it is in this OU then I probably know that it should be disabled. Or maybe it was placed in this OU by accident.
Again, we can also create Group Policy Objects and apply policies that do things like, do not allow login to the computers or things like that if they are in this OU, just is an added layer of security. Just in case somebody does mean to disable the user account but they don't actually hit Disable Account.
Now, if we want to delete an account you would disable the account for a certain period of time like maybe 30 days or 90 days, and then you will delete the account. And, I have seen this done by simply going to the Telephones Tab and adding a note saying I disabled this account on whatever today date is today.
So, to delete an account we are simply going to click and we are going to choose Delete. Now, keep in mind that with most things in Active Directory you cannot easily undo things that you delete, okay, so is very important that when you are deleting something you are very very careful.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.