Preventing Unwanted User Purges

Permanently removing a user from the LDAP directory should always be the final step in a carefully planned procedure. Once you purge a user, it can be hard to retrieve the user information from back-up data, if that should become necessary.

Therefore, each procedure described here includes a first step that disables the user. After a user is disabled, that user cannot access the applications (the mailbox or calendar), but the user entry itself remains in the directory.

A later step permanently removes the user from the directory.

You can choose to run the purge step immediately after the disable step, or you can allow a period of time to pass between these steps to ensure that no user is accidentally purged.

Delegated Administrator provides a built-in grace period, which you can reset with a simple command-line option. This is one of the advantages of using Delegated Administrator.

If you use direct LDAP tools to remove the user, you can set an administrator-managed grace period as a best practice.