Admins are usually far too busy to worry about the small things that occur within Active Directory. However, small things can often be huge security issues. For example, say a user account is disabled but their group memberships remain intact. That poses a security issue since the user account is still in the group and still has access to the resources that the group has permissions for.

Instead of ignoring this insecure configuration or trying to manually remove the group membership when the user account is disabled, why not automatically remove the disabled user from all group memberships?

This is easy using a tool like ADManager Plus that provides targeted automated tasks. In fact, not only can you automatically remove disabled users from all groups; you also have the option to target specific disabled users with ease. Figure 1 illustrates what the automation policy would look like, and Figure 2 shows how you can narrow down which disabled users are being targeted.

Figure 1. Automation to remove disabled users from all group memberships.

Figure 2. Filters allow you to target specific disabled users.

With automation scheduling, you can determine how often disabled users are addressed.  Run the automation daily, weekly, monthly, etc.

To see how this security feature can help your organization, download ADManager Plus here.

Related posts: