Junhao wrote:

[snip]
> My workplace does not have a policy to handle this situation, so I am
> wondering how everyone handles this age-old problem. Any advice?
> 
> I can only think of these 2 methods:
> 1) create local users to replace the AD user.
>    There is no confusion about the person who generated the data long time
> past, and institutional knowledge can be preserved. However, this
> becomes a management headache.
> 
> 2) create a general user to own all these files. Simple solution, at the
> expense of institutional knowledge.
> 
> 3) request for the accounts to be locked, not deleted. I think Security
> will scream...
> 
> Any advice?

Ah, yes, something I know.

I recommend that the managers of the AD be requested to maintain a 
specific account that file ownership may be moved to (similar to your 
option 2, above). This account can even be called Legacy Files, or 
Legacy Users, or something similar to denote that it is a role account, 
rather than a specific user. You may also prefer that this "user" be 
treated as a group within AD rather than a user, and then user profiles 
may be managed within it, but this is a more difficult solution.

One hopes that you are not in the situation where these users have 
created multiple files all around the operating system. If you are, then 
part of the process for outbound users should be a massive find command, 
where all files owned by the user are noted and listed, placing this 
information in a file in the directory formerly owned by said user 
(hopefully the directory name for the user account does not change when 
the user leaves).

This can all be managed using your option 2, assuming that you have the 
cooperation of the AD manager(s).

As a former ISSO, this is what I have done in the past, when user files were 
integral to others' knowledge and day-to-day work. I have seen files 
still in daily use by others two or three years later. Leaving them 
where they are expected to be found was the best solution. YMMV.

-- 
Do not meddle in the affairs of wizards, for they are subtle,
and quick to anger. Do not meddle in the affairs of dragons,
for you are crunchy, and taste good with catsup.
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
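
The find-and-record step described in the reply above, followed by the hand-off to a role account, as an added example that is not part of the original message. The function names, the `DRY_RUN` variable and the `legacyfiles` account name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offboarding inventory and ownership hand-off.
# Assumed names: inventory_owned, reassign_owned, DRY_RUN, "legacyfiles".

# inventory_owned OWNER MANIFEST ROOT...
# Record every path under ROOT... owned by OWNER (login name or numeric UID)
# and print how many paths were recorded.
# Note the numeric UID before the directory account is removed: afterwards
# the name no longer resolves and only the UID remains on disk.
inventory_owned() {
    owner=$1
    manifest=$2
    shift 2
    {
        printf '# files owned by %s, listed %s\n' \
            "$owner" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        # -xdev keeps find on the filesystems named in ROOT...
        find "$@" -xdev -user "$owner" -print 2>/dev/null | sort
    } > "$manifest"
    # Count recorded paths, skipping the header line.
    sed 1d "$manifest" | wc -l
}

# reassign_owned OWNER ROLE ROOT...
# Hand the same files to the role account. chown -h changes a symlink
# itself rather than the file it points at.
# With DRY_RUN=1 the chown commands are printed instead of executed.
reassign_owned() {
    owner=$1
    role=$2
    shift 2
    if [ "${DRY_RUN:-0}" = 1 ]; then
        find "$@" -xdev -user "$owner" -exec echo chown -h "$role" {} \;
    else
        find "$@" -xdev -user "$owner" -exec chown -h "$role" {} +
    fi
}

# Typical order (run as root; paths and UID are constructed samples):
#   inventory_owned 10423 /root/10423.manifest /home /srv /data
#   DRY_RUN=1 reassign_owned 10423 legacyfiles /home /srv /data
#   reassign_owned 10423 legacyfiles /home /srv /data
#   mv /root/10423.manifest /home/formeruser/OWNED-FILES.txt
```

Writing the manifest outside the searched tree and moving it into the former home directory afterwards keeps the listing itself out of the inventory. The manifest then preserves who created which files after ownership moves to the role account.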
