I don't know how most do this, or the size of the various environments, but what I did at my previous employer was create a group for each year (DenyAccess2008, DenyAccess2009, etc). Then my "DenyAccess" group had current year terminations + my other Groups
DenyAccess
- Joe Smith/US/Domain
- Sally Jones/FR/Domain
- DenyAccess2008
- DenyAccess2009
- etc
At the end of each year, I'd copy all the "DenyAccess" names to a new DenyAccessYEAR group and add the new DenyAccessYear to the DenyAccess Group. Of course, I'd not copy any of the DenyAccessYEAR groups to the others, and left those in the primary "DenyAccess" group.
Granted, I only had to work with about 2000 users, but this made it easy to manage year to year. I'm sure you could do this for multiple locations/regions (DenyAccessFR2008, DenyAccessJP2009, yada yada).
Brian
Feedback response number WEBB8X2QF8 created by Brian Graham on 08/10/2012
 Add User in Deny Group List (Meena Ramesh 10.Aug.12)
 . . Size of your environment? (Brian Graham 10.Aug.12)
. . . . Same thing..Problem exits (Meena Ramesh 11.Aug.12)
. . . . . . code it in your agent (raymond neeves 12.Aug.12) |
Size of your environment?
Return to top
