Automate Deactivation of Graduates' User Accounts

Providing well-administrated IT services to a student body can be a challenge. Unlike other IT environments, a large influx and outflux of users occurs at points in time tied to the academic calendar. At the end of an academic year, many thousands of students may permanently leave a school or university system. Once these users graduate, discontinue their education, or perhaps simply move away, IT administrators are left with a huge number of accounts that must be marked as inactive and then dealt with according to system policies.
Sound administration and security practices demand that this cumbersome housekeeping be done quickly and efficiently - yet in the complex distributed networking environments in today's educational systems, this is easier said than done. A typical university infrastructure is a Windows environment running Active Directory to manage user data, security and distributed resources. However, identifying unused accounts, marking them inactive and disabling or deleting them is not an automated process out of the box. Though these individual functions can be done within Active Directory, a signi"cant investment in admin time is needed to do so when dealing with many thousands of users.

The solution
An automated solution to this problem should take advantage of the Active Directory functionality in a manner that streamlines and simplifies the process for the sys admin. It should check all user accounts in specified domains at an interval set by the administrator, and automatically disable those accounts. In addition, this utility should address the issue of differing lastLogon data in a system: this attribute represents the last time a user was authenticated by a specific Domain Controller, but AD does not replicate this value. As a result, the lastLogon value will be different on each DC. A well-designed admin utility will query all DCs in the domain and use the most recent logon time, also called the "true last logon", thus ensuring that the most current and correct parameters are used in determining whether or not an account is truly inactive.

Implementation: NetWrix Inactive Users Tracker
The Inactive Users Tracker utility from NetWrix meets these criteria. It is a simple, effective tool for educational IT administrators who need a cost-effective, time-saving way to deal with a multitude of periodically or permanently inactive users. A freeware version is available that identifies inactive accounts in the intelligent manner outlined above; using this, admins can then manually disable or delete the identified accounts. The commercial version of Inactive Users Tracker allows the admin to automatically disable user accounts, customize emails alerts and messages, and comes with technical support. The free download of Inactive Users Tracker offers a demonstration of the exceptional value of this utility in educational IT administration.