Permanently removing a user from the LDAP directory should always be the final step in a carefully planned procedure. Once you purge a user, it can be hard to retrieve the user information from backup data, if that should become necessary.
Therefore, each procedure described here includes a first step that disables the user. After a user is disabled, that user cannot access the applications (the mailbox or calendar), but the user entry itself remains in the directory.
A later step permanently removes the user from the directory.
You can choose to run the purge step immediately after the disable step, or you can allow a period of time to pass between these steps to ensure that no user is accidentally purged.
Delegated Administrator provides a built-in grace period, which you can reset with a simple command-line option. This is one of the advantages of using Delegated Administrator.
If you use direct LDAP tools to remove the user, you can set an administrator-managed grace period as a best practice.
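One way to enforce an administrator-managed grace period when you use direct LDAP tools is sketched below. It is an added example, not part of Delegated Administrator or of the original procedure. It reads an LDIF export of user entries and lists only the disabled users whose grace period has expired. The attribute names, the `deleted` status value, and the sample entries are assumptions; adjust them to your schema.

```python
from datetime import datetime, timedelta, timezone

# Assumptions: attribute and value your disable step writes; adjust to your schema.
STATUS_ATTR, DISABLED_VALUE = "inetuserstatus", "deleted"
STAMP_ATTR = "modifytimestamp"  # standard LDAP operational attribute, GeneralizedTime
# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,o=example.com
inetUserStatus: deleted
modifyTimestamp: 20240101120000Z

dn: uid=bob,ou=People,o=example.com
inetUserStatus: deleted
modifyTimestamp: 20240225090000Z

dn: uid=carol,ou=People,o=example.com
inetUserStatus: active

dn: uid=dave,ou=People,o=example.com
inetUserStatus: deleted
"""
SAMPLE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into dicts keyed by lower-cased attribute name."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, then split entries
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), value.strip())
        if "dn" in entry:  # base64 ("dn::") entries are skipped, so never purged
            entries.append(entry)
    return entries

def purge_candidates(ldif_text, now, grace_days):
    """Return (eligible, held): disabled DNs past the grace period, and those still held."""
    cutoff = now - timedelta(days=grace_days)
    eligible, held = [], []
    for e in parse_ldif(ldif_text):
        if e.get(STATUS_ATTR, "").lower() != DISABLED_VALUE:
            continue  # active users are never purge candidates
        try:
            stamp = datetime.strptime(e[STAMP_ATTR], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            stamp = None  # no usable timestamp: hold for manual review
        (eligible if stamp and stamp <= cutoff else held).append(e["dn"])
    return eligible, held
```

Because `modifyTimestamp` is updated by any later write to the entry, using it as the disable time can only lengthen the hold, never shorten it. Review the eligible list before passing it to the purge step.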