EV_Novice
15 years agoLevel 5
leavers policy advice desperately needed.
Leavers Policy in EV 2007 SP3:
I've got to the point where I feel I'm trying to knit fog and not making any headway at all...
I've read some articles on best practise and although beautifully written, they have exposed a ticklish issue for me.
The recommendation in various places is to add all leavers to a leavers AD group and use that group in the leavers policy within EV. Elsewhere the suggestion is to use custom attributes within those leavers contained in the leavers group in AD.
My little problem is that our AD folk have decided that they place all leavers in a 'disabled' pool that gets cleared down periodically, so in essence many of those leavers simply disappear from the system.
The disabled pool also gets used for folk who are temporarily suspended for one reason or another. We use a lot of short term contractors, most of whom don't reappear, but those who do return are often given new unique user id's.
Appreciate a solution to this granny knot that often feels like it's turning into a Gordion knot.
Thanks for your attention.
I've got to the point where I feel I'm trying to knit fog and not making any headway at all...
I've read some articles on best practise and although beautifully written, they have exposed a ticklish issue for me.
The recommendation in various places is to add all leavers to a leavers AD group and use that group in the leavers policy within EV. Elsewhere the suggestion is to use custom attributes within those leavers contained in the leavers group in AD.
My little problem is that our AD folk have decided that they place all leavers in a 'disabled' pool that gets cleared down periodically, so in essence many of those leavers simply disappear from the system.
The disabled pool also gets used for folk who are temporarily suspended for one reason or another. We use a lot of short term contractors, most of whom don't reappear, but those who do return are often given new unique user id's.
Appreciate a solution to this granny knot that often feels like it's turning into a Gordion knot.
Thanks for your attention.
- Hello EV_Novice,
As Maxwits say, provisioning can be large (and, as the ou seems to be cleared out, would it really grow large?).
You write 'disabled pool'. Are accounts being disabled?
If so, you need to set a registry entry to archive from disabled accounts.
As for people returning, and getting a new id, if they require access to their old existing archive, you could set SynchInMigration mode key I think, or assign new account to old archive.
Also the remark of EV_Noodles (no shortcuts) is correct. If you upgrade to ev8 (sp4 or 5 when out) you get virtualvault, no need for shortcuts at all.