Summary
ITS has implemented lifecycle management of non-uniqname accounts (privileged ("1" and "2") accounts, service accounts, etc.). The lifecycle time frames are listed below:
- Accounts not used within a 90-day window are disabled.
- Accounts not used within a 120-day window are deleted, and a ticket must be submitted to ITS to recover them.
- Accounts that have not been used within 300 days are purged. Purged accounts must be recreated.
Environment
All non-uniqname accounts in Active Directory (AD).
Directions
To keep non-uniqname AD accounts active, they must record domain-based usage every 90 days. This can be accomplished by:
- Logging into a domain-joined Windows workstation or server.
- Logging into Passwordstate.
- Completing other activities that trigger domain authentication.
Note: Privileged accounts may have access to systems that will not trigger a domain authentication upon login. If you are unsure whether the authentication requirements have been met, perform one of the first two activities above (logging into a domain-joined Windows workstation or server, or logging into Passwordstate) at least once every 90 days.