While studying the chapter on Active Directory Objects and Trusts, I saw the following recommendation in the section about deprovisioning user accounts:
When a user leaves your company, you have several choices. If a replacement has been hired, you can simply rename the user account for the replacement.
If you continually rename a user account for every new person coming in, won't that schema get completely messed up? I have a married employee who still has an artifact of the old name cached in our GAL. When I do rename employee accounts (jsmith to jdoe), their %userprofile% on the local computer is still pointing to jsmith. Not to mention permission review/modification.
The above recommendation just sounds jacked, to continually recycle an account by renaming. I much prefer the disabled template account that is copied and modified.
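An added example, not part of the original post or the book it quotes: a rename changes the account name but not the SID, and Windows keys each local profile to the SID under the `ProfileList` registry key, which is why the folder keeps the old name; the same unchanged SID is why a recycled account keeps every group membership and ACL entry of its previous owner. The check below lists local profiles whose folder name no longer matches the account the SID currently resolves to. The function name `Get-RenamedProfile` is hypothetical.

```powershell
# Added example (not from the original post): flag local profiles whose folder
# name differs from the account name the profile's SID resolves to today.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-RenamedProfile {   # hypothetical helper name
    Get-ChildItem -Path $profileList | ForEach-Object {
        $sidString = $_.PSChildName
        # Only local/domain user SIDs; skips service profiles such as S-1-5-18.
        if ($sidString -notmatch '^S-1-5-21-') { return }

        # ProfileImagePath is the on-disk profile folder recorded at first logon.
        $path   = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        $folder = Split-Path -Path $path -Leaf

        $account = $null
        $name    = $null
        try {
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidString)
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $name    = ($account -split '\\')[-1]   # strip DOMAIN\ prefix
        } catch {
            # SID did not resolve: account deleted, or no domain controller reachable.
        }

        if (-not $name) {
            $status = 'Unresolved'
        } elseif ($folder -ieq $name -or $folder -like "$name.*") {
            # "name.DOMAIN" folders are created when a folder name was already taken.
            $status = 'Match'
        } else {
            $status = 'Renamed'
        }

        [pscustomobject]@{
            Sid            = $sidString
            ProfileFolder  = $folder
            CurrentAccount = $account
            Status         = $status
        }
    }
}

# Show only the profiles worth reviewing.
Get-RenamedProfile | Where-Object Status -ne 'Match' | Format-Table -AutoSize
```

A `Renamed` row for a recycled account means the new person logs on to the previous owner's profile data on that machine, so it belongs on the same checklist as the permission review.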