We’re in week seven of our fITness challenge! If you missed last week’s challenge, you can catch up here.
Week 7: Active Directory Cleanup
Your business’s Active Directory is an important piece of Windows Server, and it’s essential for proper security practices and business cohesion. The purpose is to organize users, resources, systems and services, and it also oversees the authorization and authentication for all of these items.
Why Is Cleaning Your Active Directory Important?
The main reason a clean Active Directory is important is because it’s a single location where administrators can manage network resources and secure them. It enforces the security policies when updating and installing software, along with all the computers on the network. It also facilitates secure management for your entire network.
Active Directories are also used for the purpose of being able to easily find and use information from a single, easily accessible location. It should take you no longer than one minute to find something. If it takes longer – it’s time for a cleanup.
Overall, a clean and organized Active Directory improves security, enables performance improvements, and saves your business time, money, and resources.
Tips To Help You Clean Your Active Directory
- Identify accounts that need disabling/deleting: This should include accounts that are unused, expired, and/or outdated. In addition, you should identify employees on extended or permanent leave and disable their account until they return to work. Also, purge your inactive accounts (accounts that haven’t logged into the network in over 90 days). Lastly, make sure departed employees accounts are deleted.
- TIP: Make this a part of the employee offboarding process.
- Disable unused administrative accounts: This should also include admin accounts that could be built-in. These accounts should be enabled very rarely – such as for setup processes or disaster recovery.
- Clean up user groups: User groups designate access rights to certain groups of users. As people join the company, leave the company, and move within the company, it’s important that the user groups are updated accordingly.
- Automate Active Directory cleaning: No matter the number of accounts your Active Directory has, it’s crucial you continue to observe these accounts’ statuses. Using IT Process Automation (ITPA) is key to maintaining your Active Directory and security. Automated systems help to simplify the process of cleaning, maintaining, and using your Active Directory – just as it should be.